ClawHub

Recite

Security checks across malware telemetry and agentic risk

Overview

This receipt-processing skill mostly does what it says, but users should review it because it uploads sensitive receipts, changes local files automatically, and has weak safeguards.

Review before installing. Use it only if you trust the Recite API with receipt and invoice contents, run it on copies or backups first, inspect long_term_memory.md before workflows, and protect the API key. The publisher should add explicit upload consent, dry-run confirmation, stronger filename sanitization, path containment checks, and clearer privacy wording.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Memory PoisoningPersistent Context Injection, Context Window Stuffing, Memory Manipulation
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly says receipt images and PDFs are processed using the Recite Vision API, which implies financial documents containing potentially sensitive personal and payment data are sent to a third-party service. Because the documentation emphasizes 'Local-First' without a clear privacy warning, retention policy, or explicit disclosure that document contents leave the machine, users and agents may transmit sensitive data without informed consent.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill explicitly states it will rename local files and append data to a CSV in the target folder, but it does not prominently warn that running the workflow will modify user files on disk. In an agent setting, silent file mutation is security-relevant because users may expect analysis-only behavior and could suffer unintended data loss, broken references, or overwritten bookkeeping artifacts.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script base64-encodes local receipt files and sends them to a third-party HTTPS API for processing, but provides no explicit consent prompt, notice, or data-handling disclosure to the user. Receipt images commonly contain sensitive financial and personal information, so silent transmission to a remote service creates a real privacy and compliance risk even if the API is intended for the feature.

Persistent Context Injection

Medium
Category
Memory Poisoning
Content
- **Smart Renaming:** Automatically renames files to `[YYYY-MM-DD]_[Vendor].png/pdf`.
- **Schema-Aware Bookkeeping:** Appends data to `bookkeeping_transactions.CSV`. Handles API response changes without data loss.
- **Local-First:** Keeps your financial data on your machine.
- **Long-Term Memory:** Supports custom persistent instructions (e.g., "Alert if total > $500").

## 🛠️ Setup
Confidence
80% confidence
Finding
persistent instruction

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal