Dashboard Greek Accounting
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a coherent local dashboard skill for Greek accounting data, with disclosed but sensitive handling of client information and optional alert integrations.
Before installing, ensure OPENCLAW_DATA_DIR points only to the intended accounting data, restrict access to generated dashboard files and reports, and configure Slack, email, SMS, or calendar alerts only for trusted recipients using dedicated credentials where possible.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Client compliance, financial, payroll, deadline, and document-status information may be combined into local dashboard outputs that other users or tasks could later read.
The skill intentionally consolidates and stores dashboard context from multiple accounting-related sources, which is expected for the purpose but sensitive.
File-Based Processing: Dashboard state managed through OpenClaw file system, no database required - **Skill Integration Hub**: Pulls data from all existing skills into unified views
Limit OPENCLAW_DATA_DIR to the intended accounting workspace, restrict access to generated dashboard files, and avoid mixing unrelated private documents into the dashboard data directory.
Compliance alerts or daily digests could disclose client names, deadlines, VAT status, or risk scores to Slack, email, SMS, or calendar recipients if those channels are enabled.
The skill can send dashboard alerts to external communication channels when configured, which is disclosed and purpose-aligned but may move client information outside the local environment.
Alert delivery channels (Slack, email) are optional — configure their env vars to enable. Unconfigured channels produce local file-based alerts only.
Enable external alert channels only for approved destinations, minimize sensitive details in alert text where possible, and verify recipient access controls.
If SMTP credentials are provided, the dashboard can use that account to send alert messages.
The skill declares optional email credentials for alert sending; this is expected for email notifications but gives the skill access to an email-sending account if configured.
"SMTP_USER": "Email account for sending alerts", "SMTP_PASSWORD": "Email account password"
Use a dedicated low-privilege sending account or app password, protect the environment variables, and rotate credentials if the skill is removed or no longer used.