ClawHub

百望股份智能发票查验(公开版)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed invoice-verification integration, but it sends invoice data to a remote service and stores local configuration and result files.

Install only if you are comfortable sending invoice text, invoice images, and sidecar text files to the disclosed remote service. Use explicit skill-prefixed commands for initialization, uploads, and recharge orders; confirm directory paths and recharge amounts carefully. Delete ~/.openclaw/invoice-skill/config.json and identity.json and remove generated batch result files when you no longer need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill discloses that it performs outbound network requests to a third-party service and writes persistent local configuration/identity files, yet it declares no permissions. This mismatch undermines user consent and platform trust boundaries because users cannot accurately assess that invoice text, images, and batch folder contents will be transmitted off-device and that identifiers will be stored locally.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The manifest enables implicit invocation without any narrowly scoped activation conditions, which means the skill may be triggered in broader conversational contexts than intended. Because this skill can send invoice data to an external service and can write local configuration files, over-broad auto-invocation increases the chance of unintended data disclosure or accidental execution of sensitive actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Batch verification writes per-file results and summaries to disk automatically under the source directory, and those results can contain sensitive invoice details, verification responses, file paths, and metadata. Because this persistence happens by default without an explicit opt-in or secure file-permission handling, it increases the risk of local data exposure to other users, backup systems, or later unintended sharing.

VirusTotal

1/58 vendors flagged this skill as malicious, and 57/58 flagged it as clean.

View on VirusTotal