Invoice Certification (发票认证)

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do the tax-invoice work it advertises, but it handles API keys and tax-login credentials with risky persistent storage and weak disclosure.

Install only after reviewing the credential handling. Use a dedicated revocable apiKey, avoid pasting secrets into chat, avoid storing tax passwords or API keys in shell profiles or the skill directory, and delete the .session file after use. Make sure you trust the remote tax-service provider before using this for real taxpayer or invoice data.

Publisher note

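Use this skill for tax-bureau login, invoice selection and certification, querying certification status, applying for deduction statistics, and similar operations.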

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to inspect and modify persistent system configuration, including user environment variables and shell profile files, to store an API key. Persisting credentials in broadly accessible locations expands the secret's exposure surface and exceeds what is necessary for a single invoice-certification session.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill persists highly sensitive tax-account credentials, including the password, to a local .session file in plaintext. In this tax-filing context, those credentials can enable unauthorized access to government tax systems and invoice actions well beyond a single execution of the skill, making the exposure materially dangerous.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill tells the agent to persist the user's apiKey into shell profiles or user-level environment settings without a clear warning that this changes system configuration and may leave long-lived credentials on disk. Users may unknowingly authorize a persistent secret installation that affects future shells and other local processes.

Missing User Warnings

High
Confidence
99% confidence
Finding
The code writes tax login credentials to a local session file without warning the user that their account and password will be retained. Silent persistence of government-tax credentials increases the risk of credential theft from local compromise, backups, logs, or multi-user environments.

Natural-Language Policy Violations

High
Confidence
97% confidence
Finding
The script explicitly tells the user to send their apiKey to the agent so the agent can configure and execute the skill. Encouraging direct sharing of a live credential with an agent violates least-privilege expectations and can expose the key to misuse, replay, or retention outside the user's control.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill is designed around the user handing a sensitive API credential to the agent so the agent can act on their behalf. In a tax-operation skill that can log in, sign, query invoices, and commit deductions, this makes the credential especially powerful and raises the risk of unauthorized tax actions if mishandled.

VirusTotal

VirusTotal findings are pending for this skill version.
