ClawHub

smartbill

Security checks across malware telemetry and agentic risk

Overview

This SmartBill skill appears legitimate, but it needs review because it can issue real invoices and routinely logs sensitive invoice/customer details.

Install only if you trust this publisher with SmartBill billing operations. Use dry-run first, explicitly approve any final invoice, keep SMARTBILL_API_BASE pointed at the official SmartBill endpoint unless testing, choose PDF output paths carefully, and treat stderr/run logs as sensitive because they may contain customer and invoice data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs use of a local Python CLI that reads credentials from environment variables, accepts file inputs and outputs, and performs outbound network calls to the SmartBill API, but the skill declares no corresponding permissions. This mismatch reduces transparency and can lead an agent or operator to run a capability-bearing skill without understanding that it can access secrets, local files, and external services, which is especially sensitive because it can issue invoices and download business documents.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation describes `POST /invoice` and notes `isDraft: false` creates a final invoice, but it does not clearly warn that this action has real-world financial and legal effects. In an automation skill, that omission increases the chance of accidental issuance of non-test invoices, especially if users or agents copy the example payload directly.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The client logs full request bodies for invoice creation and full response bodies for both success and error cases to stderr. In this billing context, those payloads can contain customer identities, addresses, VAT/CIF data, product details, prices, and other financial records, so routine execution can leak sensitive data into terminal history, CI logs, orchestrator traces, or centralized logging systems.

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal