Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tally Skill

v0.1.0

Interact with TallyPrime running locally to read reports and post accounting entries.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name and description (interact with local TallyPrime) align with the runtime instructions: SKILL.md details HTTP POST/XML calls to $TALLY_URL and ledger/voucher operations. However, registry metadata presented earlier stated no required env vars or binaries, while the SKILL.md explicitly declares required env TALLY_URL, primaryCredential TALLY_URL, and lists curl under bins. That metadata mismatch is unexplained and reduces confidence in provenance.
Instruction Scope
The SKILL.md stays within the stated purpose: it shows exact curl calls, how to check server status, check/create ledgers, and post vouchers. It does assume the agent (or surrounding system) can collect invoice data (vision / WhatsApp ingestion) — that is an external responsibility but not inconsistent. The instructions do not ask to read unrelated system files or other env vars. One operational risk: $TALLY_URL is user-configurable and could point to a non-local endpoint, which would cause the skill to send accounting data off-host; SKILL.md notes Tally is local but does not enforce locality.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which minimizes supply-chain risk. The SKILL.md does reference curl as the command-line tool to use; no downloads or package installs are present.
Credentials
The only runtime parameter the skill needs is TALLY_URL, which is appropriate for a service that posts to Tally. But: (1) the registry metadata contradicts the SKILL.md about required env vars/binaries, (2) TALLY_URL can be set to any URL — if misconfigured (or maliciously set) it could transmit sensitive accounting data to a remote endpoint, and (3) there are no other protections described (no host restriction validation). The skill does not request direct secrets, which is appropriate, but the primary credential being a URL is sensitive because it defines where data is sent.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It allows autonomous invocation (disable-model-invocation=false), which is platform default; combined with write capability to Tally this increases blast radius but is an expected feature for an automation skill. There is no instruction to modify other skills or global agent settings.
Scan Findings in Context
[none_detected] expected: The repository had no code files for the regex scanner to analyze; SKILL.md is instruction-only. Absence of findings is not evidence of safety — the runtime instructions are the security surface.
What to consider before installing
Before installing or enabling this skill:
1) Verify the skill's source and trust the publisher — there is no homepage or code repository listed.
2) Confirm TALLY_URL will point to a local, trusted TallyPrime instance (default localhost:9000). If TALLY_URL points to a remote host, the skill will send accounting data there.
3) Check the registry metadata mismatch: SKILL.md requires TALLY_URL and curl but the registry entry earlier claimed none; ask the publisher to reconcile metadata.
4) Because the skill can create ledgers and post vouchers, test it in a non-production/company copy first and require explicit user confirmation before making writes.
5) Ensure your agent's vision/ingestion pipeline (WhatsApp/PDF extraction) is configured and trusted, because the skill assumes the agent will extract invoice fields automatically.
6) If you need higher assurance, request the skill's source or a signed provenance artifact so you can inspect the exact commands it will run.
