ClawHub

Quickbooks-Agent

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate QuickBooks tool, but it gives broad power to change real accounting data and installs unpinned external code.

Review before installing. Use a QuickBooks sandbox first, pin or inspect the GitHub repository before building, protect the .env credentials and OAuth tokens, and require manual approval before any create, update, delete, void, send, payment, transfer, import, journal-entry, batch, or preferences command. I found no artifact-backed evidence of deception, exfiltration, or destructive intent beyond the documented high-impact accounting authority.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documented bank import workflow can create unmatched purchases or deposits directly in QuickBooks, which modifies accounting records and may materially affect ledgers, reconciliation, and financial reporting. Although this appears to be normal product functionality rather than malicious behavior, the lack of an explicit destructive-change warning and confirmation guidance makes accidental misuse by an agent or user more likely.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The batch operations feature supports delete actions against QuickBooks entities and transactions, enabling bulk destructive changes with limited friction. In an agent-facing skill, this is especially risky because automation can amplify mistakes, and the documentation does not clearly warn that batch files may delete or alter production accounting data at scale.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
Updating company preferences changes organization-wide accounting settings, which can affect bookkeeping behavior across the entire QuickBooks company, not just a single record. The absence of a warning about global impact increases the chance an agent or operator makes high-consequence configuration changes without understanding their scope.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal