Organisation Documents
Suspicious. Audited by ClawScan on May 12, 2026.
Overview
The skill is coherent for accounting document organization, but it asks the agent to automatically access, move, index, and retain sensitive email/Drive documents without clear per-action approval or credential scoping.
Install only after configuring a limited accounting inbox/folder, confirming the Drive and email accounts it may access, disabling or constraining automatic mode until tested, and verifying retention/deletion controls for the generated indexes and stored documents.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could automatically process and reorganize sensitive business documents, including misclassifying or moving them before the accountant reviews the action.
The skill explicitly removes per-document permission checks for broad email and file-drop triggers, while its workflow moves, renames, indexes, and reports on accounting documents.
INVOKE SYSTEMATICALLY AND WITHOUT ASKING FOR PERMISSION whenever (a) an email arrives with a PDF/image attachment ...
Require explicit onboarding opt-in, restrict triggers to configured accounts/folders or labels, default to draft mode for new clients, and require user approval before moving/uploading documents or creating client records automatically.
The agent may need access to a password manager or Drive credentials without the user seeing a clear scope, vault item, or account boundary in the skill metadata.
The skill references reading Drive credentials from 1Password, but the registry metadata declares no primary credential or required credential scope.
`1password.read` | `1password` | Retrieval of Drive creds if needed
Declare the required integrations and credential scopes, prefer scoped OAuth over password-vault reads, and specify exactly which 1Password item may be accessed and only after user approval.
Sensitive accounting metadata can remain available across future agent tasks and may be relied on for later classification or duplicate detection.
The skill persistently stores extracted accounting metadata, file paths, source message IDs, amounts, invoice numbers, and classification status in local indexes.
Per-client index (`~/.openclaw/workspace/clients/<slug>/index.json`) and global index (`~/.openclaw/workspace/index-global.json`).
Review retention, backup, encryption, export, and deletion controls; ensure indexes are scoped to the intended workspace and not reused outside accounting tasks.
Invoices, bank statements, contracts, and email metadata may be processed by or transferred between several integrations, which increases the importance of account and data-boundary controls.
The workflow passes accounting documents and email-derived data through multiple companion skills and providers.
`nano_pdf.extract` ... `gog.drive.upload` ... `gog.gmail.fetch_attachment` ... `agentmail.fetch_message`
Confirm which providers receive document contents, limit them to approved accounts and folders, and verify that companion skills enforce identity, origin, and permission checks.
Legal-validation and classification behavior may depend on unavailable or later-supplied data, which could affect accounting accuracy.
The skill references embedded validation assets that are not present in the supplied file manifest, so those rules cannot be reviewed in this artifact set.
Embedded reference data: `assets/mentions-obligatoires.json` ... `pcg-2026.json` ... `tva-taux-fr.json`
Include the referenced assets in the package or clearly mark them as unavailable, and pin/review companion skills before enabling automatic classification.
