Back to skill

Security audit

Openclaw Greek Accounting Meta

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Greek accounting orchestration skill, but it needs Review because some high-impact accounting workflows are under-scoped or inconsistently gated.

Install only if you are comfortable reviewing and tightening the workflows. Require explicit user approval before any AADE or government submission, scope briefings and document processing to authorized clients, add dry-run previews before moving files, and avoid following any shell-command examples that interpolate user or client values without safe argument handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The skill repeatedly promises a mandatory human confirmation gate for government submissions, but the AADE sync workflow explicitly includes 'Submit pending VAT returns' without any confirmation step. In a financial/compliance orchestrator, this inconsistency can lead operators or downstream implementations to auto-submit regulatory filings, creating legal, financial, and auditability risks.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The prompt 'Show me the morning briefing for today' is a broad natural-language trigger for a high-privilege orchestrator that aggregates alerts, deadlines, and compliance data across the accounting system. Because the skill is the primary entry point and the expectation says it 'does not require any parameters beyond the command itself,' accidental or unauthorized invocation could expose sensitive cross-client operational data without sufficient scoping or identity checks.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The instruction 'Process all incoming documents that arrived today' authorizes bulk handling of emails, scans, and bank statements with movement from /data/incoming/ into client directories, but it lacks client, source, count, and review boundaries. In a financial-data orchestrator, such unconstrained bulk processing can misroute documents, ingest malicious or irrelevant files, or process unintended items from multiple clients, creating confidentiality, integrity, and operational risks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal