Invoice Recognition (invoice-discern) - HuiSuiYun (慧穗云)

Security checks across malware telemetry and agentic risk

Overview

This skill performs the invoice-recognition task it advertises, but users should treat uploaded invoices and HuiSuiYun API keys as sensitive.

Install only if you trust HuiSuiYun with the invoice files you choose to process and with the HSY_AK/HSY_SK credentials. Verify the file path before running the script, keep credentials out of chats and logs, and leave HSY_API_URL set to the documented HuiSuiYun HTTPS endpoint unless you have a trusted internal proxy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tainted flow: 'discern_url' from os.getenv (line 64, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
    try:
        with open(file_path, 'rb') as f:
            files = {'file': f}
            response = requests.post(discern_url, files=files, headers=headers)
        return response.json()
    except Exception as e:
        return {"error": str(e)}
Confidence
94% confidence
Finding
response = requests.post(discern_url, files=files, headers=headers)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill description explains invoice recognition but does not clearly warn that user-supplied invoice files and the extracted invoice contents are transmitted to a third-party service. Because invoices often contain sensitive personal and financial data, this omission can mislead users into sharing regulated or confidential documents without informed consent.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill uploads full invoice image/PDF/OFD/ZIP contents to a remote third-party API, but the code provides no explicit disclosure, consent prompt, or privacy guardrail at the point of transfer. Since invoices commonly contain tax IDs, company names, addresses, bank details, and financial metadata, silent transmission increases privacy, compliance, and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.
