Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Finance

v0.2.1

Use for finance and accounting operations — AP/AR tracking, invoicing, bank reconciliation, budgeting, financial reporting, expense management, tax prep, pay...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto: Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability (flagged)
The name and description claim full finance operations (AR/AP, bank reconciliation, invoicing, payroll coordination, etc.). Those capabilities normally require explicit connectors and credentials (bank feeds, accounting system API keys, payment processors), but the skill declares no required binaries, env vars, config paths, or install steps. The access the skill would need is disproportionate to what its metadata requests.
Instruction Scope (flagged)
SKILL.md instructs the agent to pull bank statements, match transactions, send automated reminders and escalations, generate invoices with sequential numbers, and log contacts. Those are read/write operations on sensitive systems and external communications; the instructions do not specify data sources, APIs, or required authorization, and are written to be executed autonomously (heartbeat checks), which grants broad discretion absent explicit limits.
Install Mechanism
No install spec and no code files (instruction-only). This reduces filesystem risk because nothing is downloaded or installed by the skill itself.
Credentials (flagged)
The skill will need credentials for accounting software, bank access, or email/SMS gateways to perform reminders and payments, yet it lists no required environment variables or primary credential. That mismatch makes it unclear what secrets would be needed or how they would be provided, which is a red flag for both functionality and safety.
Persistence & Privilege
always:false (good). However, model invocation is allowed (the default), so the agent could autonomously act on the instructions if given the necessary access. Combined with the other concerns (sensitive operations, missing declared integrations), autonomous invocation increases risk — consider enforcing human approval for any outbound actions.
What to consider before installing
This skill's guidance describes operations that require access to bank feeds, accounting systems, and communication channels, but the skill package does not state how those connections will be made or what credentials are needed. Before installing or enabling it:
1) Ask the publisher for a connector list and minimum credential scopes (e.g., read-only bank statement feed, limited accounting API scope) and prefer OAuth or scoped API keys rather than full account passwords;
2) Require human approval for any payment, write, or outbound communication action;
3) Test in a sandbox account with dummy data first;
4) Verify audit logging and who/what will send collection notices;
5) Prefer skills with a verifiable homepage/owner and documented integration behavior.
If the author provides concrete connector documentation and scoped credential requirements, re-evaluate — that information would substantially reduce the concern.
