Skillv1.0.0

ClawScan security

Akaunting · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 12, 2026, 3:18 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill generally matches its stated purpose (Akaunting API/CLI) but contains inconsistencies and privileged operations (docker/container file edits) that are not declared in the metadata and deserve caution.
Guidance: Before installing or running this skill, understand that: - It expects you to run Akaunting locally using Docker/docker-compose and to have python3 and Docker access on the host; those runtime requirements are not declared in the skill metadata. - The included fix script will run docker exec and modify files inside the Akaunting container (it writes to /var/www/html/app/Providers/Event.php and runs php commands in-container). That requires access to the Docker daemon and will change application code — run only on an isolated test system or a VM, not on a production host. - The docker-compose in the repo embeds default/weak credentials (DB and admin passwords). If you deploy it, change these secrets and secure the instance before adding real data. - The CLI stores API credentials in plaintext at ~/.config/akaunting/config.json by default; consider using a protected environment or vault for sensitive credentials. - The metadata should declare required binaries and env vars (docker, docker-compose, python3, AKAUNTING_*). The absence of these declarations is an inconsistency — ask the skill author to correct the metadata and to document security implications. Recommended actions: review the scripts locally, run the stack in an isolated sandbox, rotate/change any default passwords in the compose file, and only provide real account credentials after you are confident about the environment and origin of this skill.

Review Dimensions

Purpose & Capability: concernThe skill claims to let an agent interact with Akaunting via its API and includes a CLI and a docker-compose to run Akaunting locally — that fits the purpose. However, the metadata lists no required binaries or environment variables even though the runtime docs and scripts assume docker, docker compose, python3, and the ability to run docker exec. The included docker-compose also embeds DB and admin passwords (insecure defaults). The lack of declared runtime requirements is an incoherence.
Instruction Scope: noteSKILL.md and scripts instruct the user/agent to deploy a local Akaunting container, create a plaintext config file (~/.config/akaunting/config.json) with email/password, and run a fix script that executes docker exec to modify /var/www/html/app/Providers/Event.php inside the running container and run php commands in-container. Those actions are within the stated domain (fixing a Laravel listener, enabling payments, calling the API) but they require privileged access to Docker and modify files inside the application container — an operation with side effects that isn't called out in the skill metadata.
Install Mechanism: okThere is no automated install spec (instruction-only install), so nothing is automatically downloaded by the skill package itself. The provided docker-compose references official Docker Hub images (akaunting/akaunting:latest and mariadb:10.6), which is expected for running the app. Note: pulling latest images will fetch remote code at runtime and the compose file contains default secrets.
Credentials: concernThe skill metadata declares no required environment variables or primary credential, but the docs and CLI script expect AKAUNTING_URL, AKAUNTING_EMAIL, AKAUNTING_PASSWORD or a config file at ~/.config/akaunting/config.json. This mismatch (undisclosed credential requirements) is a red flag. Additionally, the provided docker-compose includes hard-coded DB and ADMIN credentials (e.g., ADMIN_PASSWORD=changeme123, MYSQL_ROOT_PASSWORD=root_secure_password) which are insecure defaults and could be overlooked by users.
Persistence & Privilege: okThe skill is not marked always:true and does not attempt to modify other skills or agent configuration. The most significant privilege requirement is access to the host's Docker daemon (to run docker exec and manage containers), which is not expressed in metadata but is required by the provided fix script.