Skill v1.0.0

ClawScan security

Ntriq X402 Invoice Extract · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 17, 2026, 12:01 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill claims local, on-device invoice extraction but its instructions require posting invoice images (or base64) to a remote service and paying per call — this mismatch and the potential for sending sensitive financial data off-device are concerning.
Guidance
This skill claims to run locally but actually sends invoice images (or base64) to a remote server and charges $0.03 per call via an X-PAYMENT header. Before installing or enabling it: (1) Do not send real or sensitive invoices — test with dummy images first. (2) Verify the service owner and read the privacy/retention policy on https://x402.ntriq.co.kr; confirm how long data is stored and whether it's used for training. (3) Understand how the X-PAYMENT header is generated and whether you must expose wallet/private keys; never provide private keys to the agent. (4) If you require privacy, prefer true local/offline extraction tools. (5) If allowing autonomous invocation, restrict outbound network access or require manual approval for each call to avoid unexpected charges. If you cannot verify the payment mechanism and data handling, treat this skill as untrusted.
Findings
[regex-scan-none] unexpected: No code files were present for regex analysis. Absence of scanner findings is expected for instruction-only skills but does not imply safety; the SKILL.md itself contains the concerning behaviors (remote upload + payment).

Review Dimensions

Purpose & Capability
concern: The description states "Local AI vision, no cloud upload," but the runtime instructions show a remote POST to https://x402.ntriq.co.kr/invoice-extract and require an X-PAYMENT header. A genuinely local-only extractor would not instruct sending images or base64 to a remote endpoint or require an on-chain payment. This is a clear inconsistency between claimed purpose and actual behavior.
Instruction Scope
concern: The SKILL.md explicitly directs the agent to transmit invoice images (via URL or base64) to an external endpoint. Invoices frequently contain sensitive PII and financial/accounting data; the skill provides no privacy, retention, or data-use details. It also requires an X-PAYMENT header for charging per call, but does not declare how that header is generated or stored.
Install Mechanism
ok: No install spec and no code files are present (instruction-only). That minimizes on-disk risk — nothing is downloaded or executed locally by an installer.
Credentials
note: The registry metadata declares no required environment variables or credentials, which matches that no API key is needed. However, the service requires an X-PAYMENT header (payment via x402/Base mainnet) that is not declared in requires.env or primaryEnv. The payment mechanism could require wallet access or signed authorizations outside the skill metadata; this omission is notable because it affects cost and trust.
Persistence & Privilege
ok: The skill is not marked always:true and does not request persistent system privileges or config paths. Autonomous invocation is allowed (platform default) but not elevated by the skill itself.