Intuit-quickbook

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only QuickBooks skill, but it should be reviewed carefully because it guides AI-driven accounting and payment workflows using sensitive QuickBooks credentials without enough guardrails.

Install only if you are prepared to treat it as high-impact financial automation guidance. Use sandbox first, store QuickBooks secrets outside committed config files, restrict OAuth scopes, require human approval for payments or posting actions, set transaction limits, and replace the query-string sanitization guidance with a stricter allowlisted query builder.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The guidance recommends building IDS queries by interpolating user input and escaping single quotes with backslashes, which is unsafe and likely incorrect for this query dialect. If developers follow this advice, attacker-controlled input can break query structure, alter filters, or cause unexpected data exposure or query failures.

Missing User Warnings

Medium
Confidence: 86%
Finding
The document instructs users to place QuickBooks OAuth client credentials directly into an MCP configuration file and presents agent-driven accounting actions such as bill payment without any warning about secret handling, authorization boundaries, confirmation requirements, or financial consequences. In an AI/MCP context, these omissions are risky because connected tools may enable high-impact financial operations, and readers may adopt the example as-is, leading to credential exposure or unintended autonomous payments.

VirusTotal

VirusTotal findings are pending for this skill version.
