ClawHub

Accounted Openclaw

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Swedish accounting integration with financial-data access, but its requested powers match its purpose and it repeatedly requires scoped access and human approval for writes.

Install this only if you intend to connect OpenClaw to Accounted/Gnubok for Swedish bookkeeping. Prefer hosted OAuth or a sandbox/test key first, grant only the read/write scopes you need, verify the company and Swedish jurisdiction, and review every staged operation preview before approving it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill is described as applicable to essentially any accounting task, with broad trigger examples, which can cause an agent to invoke it in situations where the user did not explicitly request this particular integration. In a financial context, over-broad invocation increases the chance of exposing sensitive accounting data or initiating staged financial actions in the wrong context, even if final approval is required.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The skill strongly binds behavior to Swedish bookkeeping rules, VAT, payroll, and legal/accounting conventions without an explicit requirement to confirm that the user wants Swedish-domain handling. If invoked for a non-Swedish user or entity, the agent could provide incorrect compliance guidance or prepare materially wrong accounting actions for the wrong jurisdiction.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal