Expense Report Wizard

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed expense-report assistant that handles sensitive finance documents, but its file access and integrations are aligned with that purpose and mostly user-directed.

Install only if you are comfortable giving the assistant reimbursement materials such as invoices, local invoice folders, company names, and finance policy text. Review before enabling connected OCR, online document, calendar, or enterprise messaging integrations, since those may process sensitive business expense data outside the chat environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 90%
Finding
The metadata description includes broad trigger wording such as '帮我整理报销、做报销单等' ("help me organize reimbursements, prepare an expense report, etc."), which can overlap with ordinary user requests and cause the skill to be invoked when the user did not intend this specific workflow. Because the skill can request sensitive financial documents, read local folders, and launch a multi-step process, ambiguous triggering increases the risk of unintended data exposure or over-collection.

Vague Triggers

Medium
Confidence: 96%
Finding
The skill says phrases like '帮我整理这次出差报销' ("help me organize the reimbursement for this business trip") will cause the wizard to '自动走完全流程' ("automatically run through the entire process"), which is an ambiguous auto-invocation model for a workflow that can collect invoices, request company policy, and read a local path provided in chat. This is dangerous because routine language could unintentionally trigger a high-privilege sequence and lead to unnecessary access to sensitive personal and corporate financial data.

Vague Triggers

Low
Confidence: 83%
Finding
The statement that '每一步自动推进,无需手动触发' ("each step advances automatically, with no manual trigger needed") removes clear boundaries between stages and makes it harder for users to understand when the skill is about to perform more sensitive actions. In context, this matters because later steps may involve compliance judgments, external integrations, and file operations, so automatic progression can amplify accidental execution.

VirusTotal

63/63 vendors flagged this skill as clean.
