Uplo Accounting

Security checks across malware telemetry and agentic risk

Overview

This accounting knowledge skill is coherent, but it exposes broad organizational data export and session logging for sensitive financial work without clear user controls.

Install only for a trusted UPLO instance with an accounting-scoped, least-privilege token. Require explicit user or admin approval before using full organizational exports or directive retrieval, and define redaction, retention, access control, deletion, and audit rules before enabling conversation logging.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (7)

Description-Behavior Mismatch

Medium (91% confidence)
Finding
The README positions the skill as accounting-focused, but the documented tools include broader organizational-intelligence capabilities such as directives, expertise discovery, and full context export. This scope mismatch can mislead users into installing a skill with materially broader data access than expected, increasing the risk of over-collection and unintended disclosure.

Context-Inappropriate Capability

High (97% confidence)
Finding
`export_org_context` enables extraction of a full organizational context snapshot, which is far broader than the stated accounting knowledge-search purpose. In an accounting environment, this could expose sensitive financial, personnel, operational, and strategic information in bulk, making misuse or overbroad agent access especially dangerous.

Context-Inappropriate Capability

Medium (87% confidence)
Finding
`get_directives` retrieves strategic priorities and directives, which exceeds the described purpose of bookkeeping, tax, and audit document search. Access to strategic directives can leak sensitive executive planning data and enable unnecessary privilege expansion through a seemingly narrow accounting skill.

Context-Inappropriate Capability

Medium (84% confidence)
Finding
`find_knowledge_owner` introduces people-intelligence functionality not clearly tied to the accounting search use case. Even if useful operationally, exposing personnel or expertise-mapping features through an accounting-branded skill can reveal internal organizational structure and facilitate social engineering or targeted data access.

Missing User Warnings

Medium (93% confidence)
Finding
The README advertises broad search and export capabilities over accounting and organizational knowledge but provides no warning about the sensitivity of financial records, audit workpapers, tax documents, or bulk organizational context. This omission increases the chance that users will deploy the skill without appropriate safeguards, despite the high sensitivity of the data involved.

Missing User Warnings

Medium (92% confidence)
Finding
The skill explicitly exposes an `export_org_context` capability in normal usage guidance without any warning, gating, or limitation around sensitive organizational data. In an accounting-focused skill, organizational context is likely to include confidential financial, tax, audit, or internal operational information, so normalizing this action increases the risk of unnecessary bulk disclosure.

Missing User Warnings

Medium (95% confidence)
Finding
The skill instructs agents to log conversation summaries, topics, and tools used at session end, but provides no user notice, consent mechanism, retention guidance, or sensitivity filtering. Because this skill operates on accounting knowledge, those logs could capture confidential financial discussions, tax matters, client details, or internal controls information and create a secondary data exposure surface.

VirusTotal

48/48 vendors flagged this skill as clean.
