Security audit

Ntriq X402 Invoice Extract

Security checks across malware telemetry and agentic risk

Overview

This skill performs invoice extraction through a paid remote API, yet it misleadingly claims there is no cloud upload while it sends invoice data to that service.

Review before installing. Use this only for invoices you are comfortable sending to ntriq's remote service, verify its privacy and retention terms, and keep x402 wallet approvals and spending limits tight, because each call can spend USDC.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill advertises invoice extraction but does not clearly warn users that invoice images or extracted billing data are transmitted to a remote paid endpoint. Because invoices commonly contain sensitive financial and personal data, this omission can mislead users into sharing confidential documents without informed consent, increasing privacy, compliance, and data-handling risk.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.