Security audit

Technical Accounting Research Skill

Security checks across malware telemetry and agentic risk

Overview

This accounting research skill is not clearly malicious, but it requires running an unpinned external GitHub workflow and handling sensitive accounting facts without strong scoping or privacy controls.

Install only if you are comfortable reviewing and trusting the FinResearchClaw repository and its dependencies. Pin a known commit, run it without elevated privileges in an isolated environment, redact confidential client or company facts before web research, and choose a private output folder instead of ~/Downloads for sensitive memos.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 84%
Finding: The skill explicitly instructs the agent to verify local repo paths, read reference files, and interact with local scripts, but it does not declare corresponding permissions. This creates a governance gap where file access behavior is present without clear user-visible scoping or enforcement, increasing the risk of unintended local file reads during execution.

Intent-Code Divergence

Severity: Medium
Confidence: 89%
Finding: Most of the skill says FinResearchClaw is mandatory and that no task may close without it, but the runtime section allows fallback to a non-FinResearchClaw path after setup attempts. This inconsistency can cause unpredictable execution, policy bypass, and user confusion about when external tooling or alternate workflows are permitted.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: Saving memo outputs to ~/Downloads by default can expose potentially sensitive financial analysis in a broadly accessible local folder without explicit user consent. In accounting contexts, drafts may contain confidential transaction facts, disclosure positions, and internal assumptions, so an automatic write to a common directory materially increases accidental disclosure risk.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill mandates internet research and use of a local third-party repo/workflow for every task, yet it provides no clear privacy boundary for what user facts may be sent to external sites or processed by external code. Because accounting requests can include nonpublic financial details, this combination creates a meaningful risk of confidential data exposure and uncontrolled handling by external dependencies.

Session Persistence

Severity: Medium
Category: Rogue Agent
Content (quoted from the skill):
Handle transaction-specific accounting questions through a fixed sequence: gather facts, confirm output format, ensure the local FinResearchClaw repo is installed and runnable, route the task through that wrapped repo/workflow, research guidance online, apply standards, and deliver the requested output.

For all tasks under this skill — memo, email, and q-and-a alike — the workflow must wrap and leverage the local FinResearchClaw repo/workflow as a required research-and-drafting execution layer. This is mandatory, not optional, and applies even when the accounting issue appears straightforward. The skill may create and use a task-local virtual environment when needed to run the repo or supporting document-generation dependencies. FinResearchClaw is a required support engine for research depth and drafting quality across all output modes; authoritative accounting conclusions must still be grounded in ASC / SEC / AICPA / clearly labeled interpretive guidance.

## Prerequisites
Confidence: 88%
Finding (matched snippet): "create and use a task-local virtual environment when needed to run the repo or supporting document-generation dependencies. FinResearchClaw is a required support engine for research depth and drafting"

Session Persistence

Severity: Medium
Category: Rogue Agent
Content (quoted from the skill):
## Runtime / Environment Expectations

- Memo-mode runs are allowed to create and use a task-local Python virtual environment.
- FinResearchClaw default repo path: `~/.openclaw/workspace/AutoResearchClaw`
- If the repo or its dependencies are not ready, initialize a local venv for the task and install only the dependencies needed for the memo workflow.
- If FinResearchClaw cannot be executed after reasonable setup attempts, disclose that explicitly and fall back to a non-FinResearchClaw path only as an exception, not the default.
Confidence: 90%
Finding (matched snippet): "create and use a task-local Python virtual environment. - FinResearchClaw default repo path: `~/.openclaw"

VirusTotal

65/65 vendors flagged this skill as clean.