FactuCat CLI

Security checks across malware telemetry and agentic risk

Overview

This invoicing skill is coherent and disclosed, but it gives agents unattended commands that can issue and send real invoices without a clear approval checkpoint.

Install only if you trust FactuCat and the `@factucat/cli` npm package. Before allowing agent use, require invoice preview plus explicit approval before any `invoice stamp` command or delivery flag, and keep the FactuCat API key out of logs, shell history, screenshots, and shared terminals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill explicitly notes that `factucat invoice stamp` may ask about sending the stamped invoice through registered customer contact channels, but it does not prominently warn that this can trigger external communications to real recipients. In an agent context, that omission can lead to unintended invoice delivery, privacy issues, or accidental business actions when a user expected only draft generation or stamping.

Missing User Warnings

Low
Confidence: 84%
Finding
The skill states that authentication is performed with a FactuCat API key but does not include a clear warning that this is sensitive credential material requiring secure handling. In agent and automation workflows, missing this warning increases the chance of exposing the API key in logs, shell history, screenshots, or prompts, which could enable unauthorized access to invoicing operations.

Missing User Warnings

Medium
Confidence: 93%
Finding
The document tells users to pass a live API key directly on the command line and via shell input examples without warning that secrets may be exposed through shell history, process listings, terminal logs, or shared session tooling. In a CLI skill centered on authentication and invoice operations, this creates a realistic credential leakage path that could let an attacker use the FactuCat account to issue, view, or send billing artifacts.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation presents unattended invoice stamping and optional customer delivery as straightforward automation steps without warning that stamping is effectively irreversible and may trigger real outbound notifications. In an agent or script context, this increases the chance of accidental issuance, unintended delivery to customers, and downstream financial, compliance, or reputational harm if a draft is incorrect or operated against production credentials.

VirusTotal

66/66 vendors flagged this skill as clean.