sales-report-parser

Security checks across malware telemetry and agentic risk

Overview

This is a coherent sales-report OCR and export tool, but it sends report contents to a MiniMax-compatible API and should be used only with data approved for that service.

Use this in a virtual environment, pin and review dependency versions, avoid putting API keys in shell history where possible, and process only sales reports you are allowed to send to the configured MiniMax-compatible API. Be aware that OCR text and generated spreadsheets may appear in terminal output or logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (18)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The helper constructs a remote ChatOpenAI client against MiniMax and uses it to send caller-supplied prompts and optionally images off-host. In this skill's context, the code processes OCR'd sales reports and image content, so external transmission can expose sensitive business data without clear consent, scoping, or minimization.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation instructs users to send OCR-extracted report text and an API key to an external LLM service, but gives no warning that potentially sensitive business data will leave the local environment. This creates a real data privacy and confidentiality risk because sales reports may contain proprietary or regulated information, and users are not informed about transmission, retention, or third-party processing.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The batch extraction workflow is presented as the recommended path, yet it does not warn that images and extracted sales data may be sent to an external API endpoint during processing. Because batch mode can amplify exposure across many files at once, the omission increases the chance of bulk unintended disclosure of sensitive commercial data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends OCR-extracted sales report text to an external LLM API, which may contain sensitive business data such as revenue, transaction counts, and operational details. Because the tool does not clearly warn users about third-party transmission or obtain explicit consent, users may unintentionally disclose confidential data outside their environment.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This path sends either an image or OCR-derived content to a remote LLM API and provides no disclosure, consent, or indication that sensitive material leaves the local environment. Because the skill is designed to extract sales-report data, the transmitted content may contain confidential financial or operational information.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The function prints the full OCR-recognized text of the sales report to stdout, which can expose sensitive business information in terminals, logs, CI systems, or shared runtime environments. Local disclosure is especially risky because operators may not realize confidential data is being persistently captured outside the intended workflow.

Unpinned Dependencies

Low
Category
Supply Chain
Content
cnocr
langchain-openai
langchain-core
pandas
Confidence
96% confidence
Finding
cnocr

Unpinned Dependencies

Low
Category
Supply Chain
Content
cnocr
langchain-openai
langchain-core
pandas
openpyxl
Confidence
98% confidence
Finding
langchain-openai

Unpinned Dependencies

Low
Category
Supply Chain
Content
cnocr
langchain-openai
langchain-core
pandas
openpyxl
pillow
Confidence
99% confidence
Finding
langchain-core

Unpinned Dependencies

Low
Category
Supply Chain
Content
cnocr
langchain-openai
langchain-core
pandas
openpyxl
pillow
pydantic
Confidence
93% confidence
Finding
pandas

Unpinned Dependencies

Low
Category
Supply Chain
Content
langchain-openai
langchain-core
pandas
openpyxl
pillow
pydantic
Confidence
97% confidence
Finding
openpyxl

Unpinned Dependencies

Low
Category
Supply Chain
Content
langchain-core
pandas
openpyxl
pillow
pydantic
Confidence
98% confidence
Finding
pillow

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas
openpyxl
pillow
pydantic
Confidence
95% confidence
Finding
pydantic

Known Vulnerable Dependency: langchain-openai — 2 advisory(ies): CVE-2026-41488 (langchain-openai: Image token counting SSRF protection can be bypassed via DNS r); CVE-2026-41488 (LangChain is a framework for building agents and LLM-powered applications. Prior)

Medium
Category
Supply Chain
Confidence
84% confidence
Finding
langchain-openai

Known Vulnerable Dependency: langchain-core — 10 advisory(ies): CVE-2026-26013 (LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_to); CVE-2024-10940 (langchain-core allows unauthorized users to read arbitrary files from the host f); CVE-2025-65106 (LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templa) +7 more

Critical
Category
Supply Chain
Confidence
94% confidence
Finding
langchain-core

Known Vulnerable Dependency: openpyxl — 2 advisory(ies): CVE-2017-5992 (Improper Restriction of XML External Entity Reference in Openpyxl); CVE-2017-5992 (Openpyxl 2.4.1 resolves external entities by default, which allows remote attack)

High
Category
Supply Chain
Confidence
88% confidence
Finding
openpyxl

Known Vulnerable Dependency: pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
91% confidence
Finding
pillow

Known Vulnerable Dependency: pydantic — 3 advisory(ies): CVE-2021-29510 (Use of "infinity" as an input to datetime and date fields causes infinite loop i); CVE-2024-3772 (Pydantic regular expression denial of service); CVE-2021-29510 (Pydantic is a data validation and settings management using Python type hinting.)

High
Category
Supply Chain
Confidence
86% confidence
Finding
pydantic

VirusTotal

65/65 vendors flagged this skill as clean.
