QuickBooks for Beginners | Accounting skills

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real payments skill, but it needs Review because it grants broad financial authority and handles sensitive card, identity, and shipping data with some weak scoping.

Install only if you intended to enable CreditClaw payment and commerce features, not just QuickBooks/accounting. Use a limited and revocable API key, keep human approval required for purchases and public seller actions, avoid main-agent card decryption, and only run encrypted-card checkout in a disposable sandbox with restricted logging, filesystem, and network access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly supports collecting buyer-identifying information such as recipient name, recipient email, and optionally buyer name, but it does not warn the operator that personal data is being gathered, transmitted to CreditClaw/Stripe, and potentially stored. In an agent context, this can cause silent handling of PII without informed user approval, creating privacy, compliance, and data-minimization risks.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill documents sending invoices by email with PDF attachments to recipients, but it does not warn that this triggers outbound communication and discloses invoice contents and recipient data to external email infrastructure. In agent workflows, silent emailing can expose sensitive business or personal information to unintended recipients or send messages without the owner's awareness.

Missing User Warnings

Medium
Confidence: 89%
Finding
The guide instructs agents to transmit sensitive personal data, including full shipping address and an authorization bearer token, to an external purchase API without any explicit warning about privacy, data retention, consent, or safe handling expectations. In a payment and ordering skill, this omission increases the chance that downstream agents will collect and send unnecessary personal information without validating user authorization or minimizing exposure.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs the agent to save a self-contained encrypted card file to local disk without a strong warning about the sensitivity and lifecycle of that artifact. Even if encrypted, the file is payment-related material and includes a decrypt script; storing it on disk increases exposure through backups, workspace sharing, malware, or later misuse if access controls are weak.

Missing User Warnings

High
Confidence: 98%
Finding
The alternative flow explicitly allows the main agent to decrypt and view full card details in its primary context. That defeats the isolation goal of the sub-agent design and materially increases the chance of card data leaking into memory, conversation history, logs, tool traces, or downstream prompts.

External Transmission

Medium
Category: Data Exfiltration
Content
The sub-agent calls this endpoint to retrieve the one-time decryption key:

```bash
curl -X POST https://creditclaw.com/api/v1/bot/rail5/key \
  -H "Authorization: Bearer $CREDITCLAW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "checkout_id": "r5chk_abc123" }'
```
Confidence: 80%

VirusTotal

64/64 vendors flagged this skill as clean.
