Invoice Deduplication (发票查重)

Security checks across malware telemetry and agentic risk

Overview

This invoice deduplication skill does what it claims, but it asks users to share and persist an API key in unsafe ways.

Install only if you trust the invoice API provider and are comfortable sending invoice metadata to it. Do not paste the API key into chat or store it in shell profiles; use a dedicated secret store or a one-time local environment variable, and rotate the key if it has already been shared.

Publisher note

Use this skill to enter invoice information into the system for duplicate checking, or to look up existing duplicate-check records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The skill tells the agent to persist the apiKey into shell startup files or user-level environment variables without warning the user that this stores a secret long-term in plaintext. That increases the chance of credential exposure through shell history, profile inspection, backups, multi-user access, or later unrelated processes inheriting the secret.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill sends sensitive business data and an API key to remote endpoints via the shared post() helper, but this file provides no explicit user-facing disclosure at the point of use that invoice contents and credentials will be transmitted externally. In an agent setting, lack of clear disclosure increases the risk of users unknowingly sharing regulated financial data and secrets with a third-party service.

Ssd 3

Severity: High
Confidence: 99%
Finding
The skill instructs the agent to ask the user to send the apiKey directly and then write it into persistent environment storage, exposing a secret in plain language and retaining it beyond the immediate task. In this context, the danger is elevated because the same secret is then used for remote API calls involving potentially sensitive invoice records, so compromise could enable ongoing unauthorized access and data misuse.

Ssd 3

Severity: High
Confidence: 99%
Finding
The script explicitly tells the user to send their API key to the agent so the agent can configure and execute the skill. This trains users to disclose secrets through conversational channels and creates a direct credential-exfiltration pattern, especially dangerous in agent ecosystems where logs, plugins, or intermediaries may retain or expose the key.

VirusTotal

VirusTotal findings are pending for this skill version.