ClawHub

Invoice Collector

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it handles sensitive Gmail invoices and sends them automatically while also rendering email HTML in an unsandboxed browser.

Review carefully before installing. Use only with a Gmail account and destination you explicitly control, verify the config queries/date range/recipient before each run, prefer checksum-verified installs, and run the screenshot path in an isolated environment or modify it to disable JavaScript and outbound network requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script renders attacker-controlled email HTML inside a real browser and waits for network idle, allowing external resources, tracking pixels, and potentially active content to execute or be fetched during screenshot generation. This exceeds simple invoice collection and can leak metadata, trigger unintended outbound requests, or expose the browser environment to malicious email content.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The skill is triggered by very broad language around collecting invoices and forwarding email, but it operates on highly sensitive mailbox content and can exfiltrate attachments to another address. Without tighter activation boundaries or explicit confirmation requirements, a vague user request could cause unintended processing and transfer of private financial documents.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill collects emails, downloads attachments, and forwards them to another recipient, but it does not prominently require a privacy warning or explicit user acknowledgement before transferring potentially sensitive financial data. In this context, missing consent and data-transfer disclosure increases the risk of accidental exfiltration of invoices, receipts, account information, and personal data.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The skill accesses a Gmail account and processes invoices and receipts, which commonly contain sensitive financial and personal data, then prepares them for forwarding without any explicit privacy notice or confirmation step. In an agent setting, this increases the chance of silent data handling beyond what a user fully expects.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script automatically emails collected attachments to a configured recipient with no approval checkpoint, allowing sensitive invoices to be exfiltrated if the config is wrong, maliciously supplied, or the destination is mistyped. Because invoices often contain billing details, addresses, and account information, unintended transmission can cause a significant confidentiality breach.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal