unified-invoice

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate invoice generator, but it handles sensitive business and banking data with under-scoped local storage and unsafe rendering paths.

Install only in a trusted local workspace. Do not use untrusted client names, item descriptions, or notes until the skill escapes generated HTML/Markdown and constrains output paths. Treat the data files and output folder as sensitive because they can contain business identifiers, client contact details, invoice amounts, and bank information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium (88% confidence)
The script connects to a browser automation service over plain HTTP at localhost:18800 to render PDFs, introducing an undeclared external dependency and a trust boundary. If a malicious or unintended service is listening on that port, sensitive invoice HTML containing business and client data could be rendered by or exposed to that service, and the generated document content could be manipulated.

Missing User Warnings

Medium (90% confidence)
The skill supports adding, editing, listing, and removing client records containing business identifiers and contact details, but the documentation does not clearly warn that this data is persisted locally or that removal is destructive. This can lead to accidental retention or deletion of sensitive business data, especially in shared workspaces or multi-user environments.

Missing User Warnings

Medium (95% confidence)
The documentation instructs users to store business identity details and bank account information in plaintext JSON files. This is dangerous because financial and personally identifiable information may be exposed through filesystem access, backups, source-control mistakes, or shared workspace leakage, enabling fraud or privacy breaches.

Missing User Warnings

Medium (90% confidence)
The script persists client names, billing amounts, dates, and invoice contents to disk without any notice, consent flow, retention policy, or access control checks. In a billing context, this can expose sensitive business and personal data to other local users, backups, logs, or later automation that reads the workspace.

Missing User Warnings

Medium (90% confidence)
The code initiates an HTTP connection to a local browser automation endpoint without making that network behavior explicit to the user. In this skill context, invoice generation may involve sensitive personal and business information, so silently sending rendered content to another process increases exposure risk if the endpoint is compromised, replaced, or unexpectedly shared.

VirusTotal

53/53 vendors flagged this skill as clean.
