ClawHub

Dashboard Greek Accounting

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local accounting dashboard skill with optional user-configured alert and email delivery, but users should handle generated reports as sensitive financial data.

Install only if OPENCLAW_DATA_DIR points to the intended accounting workspace. Restrict access to generated dashboard files and reports, enable Slack/email/SMS/calendar delivery only for approved recipients, and use dedicated low-privilege SMTP credentials or app passwords if email alerts are configured.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill advertises optional Slack, SMTP, and SMS integrations for alerts but does not prominently warn that client/accounting data may be transmitted to third-party services outside the local file-based workflow. In an accounting context, alerts can contain regulated financial and personal data, so omission of a clear transmission warning increases the risk of accidental data leakage and non-compliant use.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The scheduled report emailing feature is documented as a normal operation without warning that generated reports may include sensitive client financial, tax, payroll, and compliance data. That makes it easy for users to distribute regulated information over email without evaluating recipient scope, encryption, or retention risks.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The usage example normalizes emailing daily summary reports to the team but omits any caution about external distribution of sensitive accounting information. Examples are especially influential operational guidance, so this can drive insecure default behavior even if the feature is optional.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal