ClawHub

vietnam-invoice

Security checks across malware telemetry and agentic risk

Overview

The skill matches its invoice-verification purpose, but it needs review because it sends sensitive invoice content to external services and disables TLS verification for tax-authority requests.

Install only if you are comfortable sending invoice documents or extracted invoice details to the configured VL provider and using Chaojiying for CAPTCHA solving. Use dedicated low-privilege credentials, avoid pasting secrets into chat or logs, run it in an isolated environment, and review the disabled TLS verification before relying on results for business decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill sends CAPTCHA images to a third-party solving service using stored credentials in order to automate access to the tax API. This expands data exposure to an external processor and bypasses an anti-automation control, which is risky and not clearly disclosed or necessary for a typical invoice-verification workflow.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The code uploads invoice images or PDF pages to an external VL model provider for field extraction, which may expose sensitive business and tax data outside the primary verification service. There is no user-facing consent, warning, or data-minimization control before this transmission occurs.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill depends on third-party CAPTCHA-service credentials from environment variables and uses them to send requests to an external provider without explicit disclosure in the user-facing behavior. This creates hidden trust and data-flow assumptions that can expose account misuse, billing abuse, and operational secrets.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs users to run a verification flow that sends invoice files and extracted invoice data to third-party services, but it does not warn users that potentially sensitive financial documents will leave the local environment. In the context of invoices, this can expose personally identifiable information, tax identifiers, company data, and transaction details without informed user consent, creating privacy, compliance, and data-handling risks.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill asks users to configure credential environment variables for external services but does not provide any warning about safe secret handling. This increases the chance that users will expose API keys or passwords through shell history, screenshots, shared terminals, logs, or unsafe storage practices.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal