发票内容识别 (Invoice Content Recognition)

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward invoice OCR tool, but it sends the selected invoice files to Baidu Cloud OCR and saves the extracted results to an Excel file locally.

Install it only if you are comfortable sending the selected invoice PDFs/images to Baidu Cloud OCR. Use dedicated Baidu credentials stored in a private .env file (not your personal account keys), confirm the output path before running, and prefer a virtual environment with pinned dependencies instead of the documented system-wide pip command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill clearly requires sensitive capabilities: reading local files, loading environment variables, and making outbound network requests to Baidu OCR, yet no permissions are explicitly declared. This weakens transparency and policy enforcement because users and hosts cannot accurately assess or constrain what the skill will access before execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The documented behavior does not fully match what the skill may do, especially the fallback to a different OCR path and the more limited actual extraction/reporting behavior. Behavior mismatches are dangerous because users may consent to one type of processing while the skill performs broader data transmission or provides less reliable outputs than promised.

Vague Triggers

High
Confidence
92% confidence
Finding
The trigger conditions are overly broad and include casual phrasing such as '帮我识别这张发票' ("help me recognize this invoice"), increasing the chance that the skill activates automatically in contexts where the user did not intend file upload, OCR, credential use, or external transmission. Over-broad activation is especially risky here because the skill handles sensitive financial documents and sends them to a third-party cloud service.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill processes invoices, which commonly contain personal, corporate, and tax information, but the description does not clearly warn that document images and extracted text are transmitted to Baidu OCR services. This is a meaningful privacy and data-governance issue because users may unknowingly expose regulated or confidential financial data to a third party.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script sends invoice images, which commonly contain sensitive financial and tax information, to Baidu OCR over the network without any user-facing notice or consent step. In an agent skill context, this can cause unexpected third-party disclosure of regulated or confidential data, especially when users believe processing is local.
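The three findings above (undeclared capabilities, a silent fallback to a different OCR path, and transmission without a consent step) share one root cause: the skill's file reads, credential loads and network sends are implicit. The following is an added example, not the skill's own code, of a fail-closed guard layer that turns each of those capabilities into an explicit declaration checked at run time. The manifest format, the `OcrTransmissionGuard` class, the `.env` handling, the sample files and the Baidu endpoint path are all assumptions for illustration; the only facts taken from the page are that invoice files are read locally, credentials come from environment variables, and data is posted to Baidu Cloud OCR.

```python
import hashlib
import os
import stat
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import Callable, Optional
from urllib.parse import urlparse


class PermissionDenied(RuntimeError):
    """Raised when the skill tries something outside its declared manifest."""


@dataclass
class Manifest:
    """Capabilities declared up front (assumed format, not a real MCP schema)."""
    read_roots: tuple          # directories invoices may be read from
    write_roots: tuple         # directories the Excel result may be written to
    env_keys: tuple            # environment variables the skill may read
    network_hosts: tuple       # the only hosts invoice data may be sent to
    env_file: Optional[Path]   # private .env holding the credentials


@dataclass
class OcrTransmissionGuard:
    manifest: Manifest
    consent: Callable[[str], bool]              # user-facing consent prompt
    audit: list = field(default_factory=list)   # (action, target, sha256) records

    def _inside(self, path: Path, roots) -> bool:
        real = path.resolve()
        return any(real == Path(r).resolve() or Path(r).resolve() in real.parents for r in roots)

    def read_invoice(self, path: str) -> bytes:
        p = Path(path)
        if not self._inside(p, self.manifest.read_roots):
            raise PermissionDenied(f"read outside declared roots: {path}")
        data = p.read_bytes()
        self.audit.append(("read", str(p.resolve()), hashlib.sha256(data).hexdigest()))
        return data

    def load_credential(self, key: str) -> str:
        if key not in self.manifest.env_keys:
            raise PermissionDenied(f"undeclared env variable: {key}")
        env_file = self.manifest.env_file
        if env_file is not None:
            # A private .env must not be group/other readable; fail rather than leak.
            mode = stat.S_IMODE(env_file.stat().st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                raise PermissionDenied(f"{env_file} is group/other accessible (mode {oct(mode)})")
            for line in env_file.read_text().splitlines():
                k, sep, v = line.partition("=")
                if sep and k.strip() == key:
                    return v.strip()
        value = os.environ.get(key)
        if value is None:
            raise PermissionDenied(f"credential {key} not available")
        return value

    def send(self, url: str, payload: bytes, sender: Callable[[str, bytes], dict]) -> dict:
        host = urlparse(url).hostname
        if host not in self.manifest.network_hosts:
            # No silent fallback to another OCR path: an undeclared host is a hard failure.
            raise PermissionDenied(f"transmission to undeclared host: {host}")
        if not self.consent(f"Send {len(payload)} bytes of invoice data to {host}?"):
            raise PermissionDenied("user declined transmission")
        self.audit.append(("send", host, hashlib.sha256(payload).hexdigest()))
        return sender(url, payload)

    def output_path(self, path: str) -> Path:
        p = Path(path)
        if not self._inside(p, self.manifest.write_roots):
            raise PermissionDenied(f"write outside declared roots: {path}")
        return p


def demo() -> dict:
    """Exercise the guard on constructed sample files; returns the outcomes."""
    root = Path(tempfile.mkdtemp())
    inbox, out = root / "invoices", root / "out"
    inbox.mkdir(); out.mkdir()
    (inbox / "invoice.pdf").write_bytes(b"%PDF-1.4 constructed sample invoice")  # constructed input
    env = root / ".env"
    env.write_text("BAIDU_API_KEY=ak-test\nBAIDU_SECRET_KEY=sk-test\n")           # constructed, dummy values
    env.chmod(0o600)
    manifest = Manifest(read_roots=(inbox,), write_roots=(out,),
                        env_keys=("BAIDU_API_KEY", "BAIDU_SECRET_KEY"),
                        network_hosts=("aip.baidubce.com",), env_file=env)
    guard = OcrTransmissionGuard(manifest, consent=lambda notice: True)
    fake_sender = lambda url, data: {"words_result": {"InvoiceNum": "00000000"}}  # stand-in for the HTTP call
    r = {}
    data = guard.read_invoice(str(inbox / "invoice.pdf"))
    r["key"] = guard.load_credential("BAIDU_API_KEY")
    r["ocr"] = guard.send("https://aip.baidubce.com/rest/2.0/ocr/v1/vat_invoice", data, fake_sender)  # assumed path
    declined = OcrTransmissionGuard(manifest, consent=lambda notice: False)
    attempts = {
        "outside_read": lambda: guard.read_invoice(str(root / ".env")),
        "undeclared_env": lambda: guard.load_credential("AWS_SECRET_ACCESS_KEY"),
        "fallback_host": lambda: guard.send("https://ocr.example.net/v1", data, fake_sender),
        "bad_output": lambda: guard.output_path(str(root / "elsewhere.xlsx")),
        "declined": lambda: declined.send("https://aip.baidubce.com/rest/2.0/ocr/v1/vat_invoice", data, fake_sender),
    }
    for name, action in attempts.items():
        try:
            action(); r[name] = "allowed"
        except PermissionDenied:
            r[name] = "denied"
    r["audit_actions"] = [a[0] for a in guard.audit]
    return r
```

The point of the design is that every capability the findings flag as undeclared (file read, env variable, outbound host, output location) is named in one place and enforced before the action happens, and the audit list gives the user a record of exactly which bytes left the machine and where they went. Swapping `fake_sender` for a real HTTP call would be the only change needed to wire it to the actual OCR request.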

VirusTotal

0/64 vendors flagged this skill; all 64 reported it clean. Note that antivirus engines detect known malicious code, not design-level data flows, so a clean result does not address the transmission and privacy findings above.

View on VirusTotal