Lessaccounting

Security checks across malware telemetry and agentic risk

Overview

This LessAccounting skill appears to be a real integration, but it exposes broader financial-accounting access than its organization-focused framing clearly communicates.

Review this skill before installing. Only use it if you intend to give an agent broad authenticated access to LessAccounting data, and require explicit confirmation before any create, update, delete, export, or raw proxy request. Prefer built-in Membrane actions over direct proxy calls, and avoid full-URL proxy requests unless you have verified the destination.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium (93% confidence)

Finding
The manifest says the skill is for managing Organizations, but the body documents access to invoices, expenses, contacts, projects, tasks, reports, and other LessAccounting resources. This scope mismatch can mislead downstream policy, approval, or user-consent mechanisms into granting broader financial-accounting access than the declared purpose suggests.

Description-Behavior Mismatch

Medium (97% confidence)

Finding
The proxy section explicitly permits arbitrary API requests, including full-URL usage, which goes well beyond a narrowly described organization-management skill. That creates a generic network-capable interface that can access or modify unrelated accounting data and potentially send data to unintended external destinations, defeating least-privilege expectations.

Missing User Warnings

Medium (95% confidence)

Finding
The documentation instructs use of direct proxy requests with GET/POST/PUT/PATCH/DELETE and even allows full URLs, but does not warn that these actions can mutate accounting records or transmit data outside LessAccounting. In a finance-related integration, this omission is risky because users or agents may treat the interface as routine and inadvertently perform destructive or exfiltrating operations.

VirusTotal

VirusTotal findings are pending for this skill version.