Openclaw Greek Accounting Meta
Pass
Audited by VirusTotal on May 12, 2026.
Findings (1)
The OpenClaw Greek Accounting Meta-Skill demonstrates legitimate orchestration functionality for an accounting system, including positive security features like mandatory human confirmation for government submissions and role-based access checks. However, the Python code snippet in `SKILL.md` reveals a shell injection vulnerability in the `call_skill` method. This method constructs shell commands using f-strings that directly embed variables (e.g., `afm`, `user`) without sanitization. If an AI agent processes untrusted user input for these variables, it could lead to arbitrary command execution on the host system. The skill is classified as suspicious due to this critical vulnerability.
