SmartBill Invoicing

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a coherent SmartBill invoicing helper, but users should avoid enabling debug logging with sensitive invoice data.

Install only if you are comfortable giving the skill access to SmartBill credentials and invoice/customer data. Use the final-invoice flag deliberately, choose PDF output paths carefully, and avoid debug mode unless logs are protected and you are prepared for invoice payloads to appear there.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill exposes sensitive capabilities through environment-variable access, local file read/write, and outbound network use, but does not declare explicit permissions. That creates a trust and containment gap: a caller or platform may underestimate what the skill can access, including SmartBill credentials and arbitrary PDF output paths. In this context, the capability set is partly expected for invoicing, but the undeclared scope still increases the risk of secret exposure, unintended filesystem writes, and external data exfiltration.

Missing User Warnings

Medium
Confidence: 93%
Finding
When debug mode is enabled, the CLI logs full request bodies and response bodies to stderr, which can include invoice contents, customer identifiers, addresses, tax data, and other business-sensitive information. In agent or automation environments, stderr is often centrally collected, persisted, or exposed to operators, so this creates an unintended data disclosure channel even though the Authorization header is excluded.

VirusTotal

64/64 vendors flagged this skill as clean.
