工资审核助手 (Payroll Audit Assistant)

Security checks across malware telemetry and agentic risk

Overview

This payroll-audit skill appears purpose-built, but it needs review because it handles highly sensitive payroll data with automatic local output, Feishu sharing, and under-scoped write/recovery language.

Install only in an approved payroll or HR environment. Treat all inputs and generated reports as sensitive, avoid /tmp for real payroll data, verify any Feishu recipient before sending, minimize employee identifiers where possible, and require human review before payroll release or any data-changing action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill documents file read/write behavior and local report generation to /tmp, but it does not declare corresponding permissions. Undeclared capabilities reduce transparency and can bypass user expectations or platform governance, especially when handling sensitive payroll data and generated audit artifacts.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
An audit/reporting skill should be read-only, but this documentation introduces state-changing behavior such as restoring payroll data and database-style modification semantics. In the payroll context, unnecessary write or recovery capabilities are dangerous because they can alter compensation records, corrupt evidence, or create unauthorized payroll changes.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The documented workflow describes bulk execution against records, phased processing, batching, and operational semantics beyond passive audit/report generation. In a payroll environment, broad bulk-processing behavior increases the risk of unintended modification, misuse of sensitive employee data, and scope creep beyond what users expect from an audit assistant.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
Backup recovery capability is not justified for a payroll audit report generator and creates an unnecessary path to overwrite or roll back sensitive payroll data. In this context, such a function could be abused to tamper with salary records or destroy the integrity of payroll evidence and audit trails.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Database-style write semantics such as upsert and insert are not necessary for an audit skill and materially expand its power from observation to modification. Because the skill operates on payroll data, this unnecessary capability could enable unauthorized record creation or alteration with financial, legal, and compliance consequences.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The report presents a '本月 vs 上月' ("this month vs. last month") risk comparison, but the '上月' ("last month") series is fabricated from current-month values rather than sourced from historical data. In a payroll-audit skill, this can mislead reviewers into believing trend analysis was performed, causing incorrect audit conclusions or masking deterioration in payroll controls.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises automatic transmission of payroll audit outputs to Feishu without an explicit warning or consent step for sharing highly sensitive payroll data. This increases the likelihood of accidental disclosure of salary, tax, social insurance, and employee-status information to unintended recipients or external services.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Promising fully automatic, zero-human-intervention payroll processing without prominent warnings about handling sensitive data can cause users to trigger broad processing and file generation without understanding privacy and operational consequences. In the payroll context, this raises the risk of unintended disclosure, overcollection, and unsupervised processing of regulated employee compensation data.

VirusTotal

VirusTotal findings are pending for this skill version.
