Akaunting

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the Akaunting integration it advertises, but it can change financial records and handle accounting credentials with limited safeguards and weak setup guidance.

Review before installing. Use it only with an Akaunting instance you intend the agent to access and potentially modify. Change default passwords, restrict port 8080, use HTTPS for non-local access, use a least-privileged account, protect the config file, back up accounting data, and require explicit user confirmation before creating or deleting records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill declares no permissions even though the documentation clearly instructs use of environment variables, network access, and shell/Docker operations. This is dangerous because users and calling systems cannot accurately assess the skill's capabilities, and the undocumented shell/network behavior expands the attack surface beyond simple API usage.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill is presented as a REST API integration, but the instructions also include deploying Docker containers and patching application internals via local file modification. This mismatch is risky because users may authorize a seemingly low-risk API skill while it actually performs privileged local administrative actions that can alter the host or containerized application state.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger description is very broad and may activate on common accounting or bookkeeping mentions, increasing the chance the skill runs in situations where the user did not intend financial tooling to be invoked. In this context, that matters more because the skill can create or modify accounting records and potentially interact with live credentials and systems.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation presents commands that create income and expense transactions without clearly warning that these are write operations against accounting data. In a financial system, accidental execution can corrupt books, create fraudulent-looking records, or require manual reconciliation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation instructs users to store credentials in a local config file and use HTTP Basic Auth, but provides no warning about secret exposure, transport security, or file-permission hardening. This is especially risky for financial software because compromise of these credentials can grant broad access to accounting records and mutation endpoints.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The reference documents create, update, and delete endpoints, including account deletion, without any warning that these operations mutate or permanently remove financial data. In an agent skill context, this increases the chance an automated system or user invokes destructive actions without clear confirmation or understanding of bookkeeping consequences.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The authentication example shows HTTP Basic Auth with an email and password sent to an `http://` URL, which exposes credentials to interception if used beyond a strictly local, trusted environment. Because this is API reference material for an automation skill, users may copy the example directly, normalizing unsafe credential handling.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script performs live write operations against the accounting API to create income and expense transactions with no confirmation prompt, dry-run mode, or explicit warning that this changes remote financial records. In an agent/automation context, that increases the chance of accidental ledger modification, fraudulent entries, or unwanted bookkeeping changes from ambiguous prompts or misfires.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The item creation command writes directly to the remote Akaunting system without confirmation or a warning that it will modify production records. In a skill meant for agent use, this can lead to accidental creation of products/services and downstream accounting or inventory inconsistencies.

VirusTotal

64/64 vendors flagged this skill as clean.
