Accountsos

Security checks across malware telemetry and agentic risk

Overview

This accounting skill is not malware, but it should be reviewed because it lets an agent create an account and change or upload financial records with limited consent guidance.

Review before installing. Prefer creating the AccountsOS account yourself, use the least-privilege API key available, and require explicit approval before the agent creates accounts, changes transactions or deadlines, categorizes records, or uploads financial documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The documented unauthenticated /api/agent-signup flow allows an agent to create new AccountsOS accounts and immediately receive read+write API keys. In a skill meant for bookkeeping, this expands behavior from operating on an existing user-authorized account to provisioning new financial accounts on the user's behalf, which can occur without explicit consent and creates a new trusted integration boundary.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill encourages agents to self-sign up and perform write actions like creating transactions without any explicit warning that these operations create accounts and modify financial records. In a finance context, silent writes are especially risky because they can alter books, create compliance issues, and act without the user's informed approval.

Missing User Warnings

Medium
Confidence: 89%
Finding
The documented upload_document capability sends potentially sensitive financial documents such as receipts and invoices to a third-party service, but the skill provides no privacy, retention, or data-handling warning. That omission is dangerous in an accounting skill because uploaded files may contain personal data, bank details, tax identifiers, and commercially sensitive information.

VirusTotal

65/65 vendors flagged this skill as clean.
