ClawHub

Greek Banking Integration

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for Greek bank statement processing, but it handles sensitive financial data and includes optional accounting-system mutation and Xero API push without enough scoping or safety guidance.

Review carefully before installing. Use a protected data directory, avoid shared or backed-up folders for raw bank statements, do not configure XERO_API_KEY unless direct Xero posting is required, and run export or auto-update commands only after reviewing what accounting records will be changed or transmitted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill is presented as a file-based bank statement parser, but it also declares optional direct Xero API push capability in metadata and later documentation. That broadens the trust boundary from local file processing to outbound transmission of sensitive financial data, creating a materially different security profile than the description suggests.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Introducing XERO_API_KEY adds credentialed third-party access that is not necessary for core local CSV/Excel parsing. Users may provide credentials without understanding that the skill can send accounting data externally, increasing risk of credential misuse, accidental exfiltration, or over-privileged integration.

Intent-Code Divergence

Low
Confidence
84% confidence
Finding
The documentation claims no bank API or credentials are needed, yet also advertises API-key-based direct Xero push in the same section. While technically referring to bank credentials, this messaging is misleading and can cause users to underestimate the sensitivity and connectivity of the skill.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This skill processes bank statements, reconciliation reports, VAT data, and client payment information, all of which are highly sensitive financial records. Failing to warn users that these files will be stored and processed on disk can lead to insecure deployment on shared systems, backups, or poorly protected directories.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documents direct Xero API push using an API key but does not explicitly warn that financial transaction data may be transmitted to an external service. Users may assume all processing is local and unintentionally expose regulated or confidential accounting data to a third party.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The auto-monitoring and auto-processing workflow can ingest newly dropped bank files without a fresh review step, which is risky given the sensitivity of the data involved. On multi-user or automated systems, sensitive statements could be processed unexpectedly, increasing exposure, propagation, and accidental export risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal