Security audit

Invoice Guard

Security checks across malware telemetry and agentic risk

Overview

Invoice Guard fits its invoice-compliance purpose, but it handles sensitive invoice data and documents persistent Feishu/cloud exports without enough consent, scoping, or accuracy in its capability claims.

Review before using this skill with real company invoices. Require explicit approval before any OCR upload, tax-platform verification, Feishu document creation, or Bitable export; use least-privilege Feishu credentials; confirm document sharing settings; and do not rely on advertised image similarity or official verification until the implementation is corrected and tested.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Severity: Medium (94% confidence)
Finding:
The README makes a strong privacy claim that invoice raw data is not stored, yet elsewhere it documents writing compliance reports to local files and exporting invoice details to Feishu documents and tables. For an invoice-processing skill, this mismatch can mislead users about retention and disclosure of sensitive financial and tax data, creating privacy, compliance, and trust risks.

Intent-Code Divergence

Severity: Medium (95% confidence)
Finding:
The module-level docstring claims batch invoice verification is supported, but `verify_invoice_tax()` is only a stub that always returns `unchecked`. In an invoice compliance tool, this can mislead operators into believing official tax verification occurred when it did not, creating a business-security and fraud-detection gap rather than direct code execution risk.

Missing User Warnings

Severity: Medium (92% confidence)
Finding:
The documentation describes sending invoice details to Feishu cloud documents, Feishu Bitable, and local files without prominent warnings about data export, persistence, access control, or third-party handling. Because invoices contain sensitive business, tax, and personal data, silent or poorly disclosed external writes materially increase data leakage and compliance risk.

Vague Triggers

Severity: Medium (88% confidence)
Finding:
The trigger phrase list is very broad and can activate the skill for ordinary invoice-related conversation, increasing the chance that sensitive invoice data is processed or routed into this workflow without sufficiently explicit user intent. In this context, the skill can invoke OCR, tax verification, and report/export flows on financial documents containing personal and corporate identifiers, so over-triggering raises privacy and data-handling risk.

Missing User Warnings

Severity: High (97% confidence)
Finding:
The skill describes sending invoice data to the national tax verification platform and Feishu-related services without a clear, prior user warning or consent checkpoint. Because invoices commonly include tax IDs, company names, amounts, dates, and other sensitive financial data, silent transmission to third parties can create serious privacy, confidentiality, and compliance issues.

Missing User Warnings

Severity: High (98% confidence)
Finding:
The skill states that reports are written to shareable, collaborative Feishu documents and invoice details are stored in Feishu Bitable, but it does not prominently warn users that sensitive financial records may become accessible to collaborators or anyone with granted sharing permissions. This is dangerous because invoice datasets can contain regulated business information and personally identifying tax data, and accidental oversharing through collaboration tools is a common real-world data exposure path.

Missing User Warnings

Severity: Medium (91% confidence)
Finding:
The document instructs the skill to send invoice fields to an external tax verification endpoint, but it does not clearly warn users that invoice metadata will leave the local environment and be disclosed to a third party. Invoice numbers, dates, amounts, and related tax records can be sensitive business data, so silent transmission creates a privacy and compliance risk, especially in enterprise reimbursement workflows.

Missing User Warnings

Severity: Medium (86% confidence)
Finding:
The CLI ingests and prints full invoice records including tax IDs, names, raw OCR text, file paths, and derived hashes, which are sensitive financial and tax data. Emitting this data by default to stdout increases the chance of accidental disclosure via shell history, logs, CI pipelines, terminal capture, or downstream tooling.

VirusTotal

VirusTotal findings are pending for this skill version.
Static analysis

No suspicious patterns detected.