financial-statement-check

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it can automatically send sensitive financial and tax documents to Tencent Cloud without an explicit consent step.

Install only if you are comfortable with financial statements, tax records, and rendered PDF pages being processed by Tencent Cloud OCR. Use it with explicit user confirmation for each document, avoid generic auto-triggering, and do not use it for confidential or regulated records unless your organization approves that third-party data flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 83%
Finding: The script accepts arbitrary remote image URLs and sends them to Tencent OCR, which expands the skill from processing user-uploaded financial documents to fetching third-party content over the network. This creates a broader data-ingestion surface that can be abused for unintended external requests, policy bypass, or processing of untrusted remote resources not explicitly covered by the skill's stated purpose.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: The trigger conditions are broad enough to invoke the skill for generic finance-analysis requests, causing unnecessary processing of sensitive files and possible transmission to external OCR services. In this context, accidental invocation is more dangerous because the inputs are likely confidential financial and tax records, and users may not expect third-party handling.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The model-facing auto-trigger guidance relies on ambiguous filenames and keywords, which increases the chance of unintended activation on unrelated PDFs or routine financial questions. Because the skill can process files and call an external OCR provider, false activations may expose sensitive data and consume paid API resources without informed consent.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The OCR workflow sends document images and rendered PDF pages to Tencent Cloud, meaning potentially sensitive financial statements leave the local environment and are processed by a third party. Because the code provides no explicit warning, consent gate, or privacy notice, users may unknowingly expose confidential corporate financial data, tax information, and other regulated content.

VirusTotal

VirusTotal findings are pending for this skill version.