Organisation Documents

Pass: audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: organisation-documents
Version: 0.1.0

The 'organisation-documents' skill is a specialized tool for French accounting automation, but it requires broad, high-risk permissions to function. The key indicators are the SKILL.md instruction to 'INVOKE SYSTEMATICALLY AND WITHOUT ASKING FOR PERMISSION' and the potential use of '1password.read' to retrieve Drive credentials (mentioned in references/roadmap.md). These capabilities match the stated purpose of processing emails and managing files autonomously, but the combination of automated execution, access to sensitive financial documents, and credential retrieval is a significant attack surface. No evidence of intentional malice or data exfiltration was found, and the bundle includes detailed professional safeguards.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could automatically process and reorganize sensitive business documents, including misclassifying or moving them before the accountant reviews the action.

Why it was flagged

The skill explicitly removes per-document permission checks for broad email and file-drop triggers, while its workflow moves, renames, indexes, and reports on accounting documents.

Skill content
INVOKE SYSTEMATICALLY AND WITHOUT ASKING FOR PERMISSION whenever (a) an email arrives with a PDF/image attachment ...
Recommendation

Require explicit onboarding opt-in, restrict triggers to configured accounts/folders or labels, default to draft mode for new clients, and require user approval before moving/uploading documents or creating client records automatically.
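The recommendation above can be expressed as a single deny-by-default decision point that the skill's actions pass through. The following is an added illustration, not OpenClaw code and not part of the organisation-documents skill; the configuration and trigger shapes (`SkillConfig`, `Trigger`), the action names, and the sample values are assumptions chosen for the example.

```python
"""Approval gate for an autonomous document-handling skill (added example).

Models the four controls from the recommendation: explicit opt-in, triggers
restricted to configured accounts/labels/folders, draft mode for clients not
yet onboarded, and per-action user approval before anything is moved,
uploaded, or created. Shapes and names are assumptions, not an OpenClaw API.
"""
from dataclasses import dataclass, field

# Actions that change state outside the agent and therefore need approval.
SIDE_EFFECTS = {"move_file", "rename_file", "drive_upload", "create_client"}
# Actions that only read/analyse and may run automatically once in scope.
READ_ONLY = {"extract_text", "classify", "propose"}


@dataclass
class SkillConfig:
    enabled: bool = False                                       # onboarding opt-in
    allowed_accounts: set[str] = field(default_factory=set)     # mailboxes the skill may watch
    allowed_labels: set[str] = field(default_factory=set)       # mail labels that may trigger it
    allowed_drop_folders: set[str] = field(default_factory=set) # watched file-drop folders
    onboarded_clients: set[str] = field(default_factory=set)    # clients past draft mode
    # (action, target) pairs the user has explicitly approved.
    approved_actions: set[tuple[str, str]] = field(default_factory=set)


@dataclass
class Trigger:
    kind: str                       # "email" or "file_drop"
    account: str = ""               # mailbox an email arrived in
    labels: frozenset = frozenset() # labels on that email
    folder: str = ""                # folder a dropped file landed in


@dataclass
class Decision:
    allowed: bool   # True only if the action may execute right now
    mode: str       # "auto", "draft", "needs_approval" or "denied"
    reason: str


def trigger_in_scope(cfg: SkillConfig, trig: Trigger) -> bool:
    """Empty allow-lists deny everything: scope must be configured explicitly."""
    if trig.kind == "email":
        return trig.account in cfg.allowed_accounts and bool(trig.labels & cfg.allowed_labels)
    if trig.kind == "file_drop":
        return trig.folder in cfg.allowed_drop_folders
    return False


def decide(cfg: SkillConfig, trig: Trigger, action: str, client: str, target: str = "") -> Decision:
    """Decide whether `action` on `target` for `client` may run without asking."""
    if not cfg.enabled:
        return Decision(False, "denied", "skill not opted in for this workspace")
    if not trigger_in_scope(cfg, trig):
        return Decision(False, "denied", "trigger outside configured accounts/labels/folders")
    if action in READ_ONLY:
        return Decision(True, "auto", "read-only analysis")
    if action not in SIDE_EFFECTS:
        return Decision(False, "denied", f"unknown action {action!r}")
    if client not in cfg.onboarded_clients:
        # Draft mode: produce a proposal for the accountant, change nothing.
        return Decision(False, "draft", "client not onboarded: proposal only, no files moved")
    if (action, target) in cfg.approved_actions:
        return Decision(True, "auto", "explicitly approved by user")
    return Decision(False, "needs_approval", f"{action} on {target!r} requires user approval")


if __name__ == "__main__":
    # Constructed sample configuration and trigger for a local run.
    cfg = SkillConfig(enabled=True, allowed_accounts={"compta@example.fr"},
                      allowed_labels={"factures"}, onboarded_clients={"acme"})
    trig = Trigger("email", account="compta@example.fr", labels=frozenset({"factures"}))
    print(decide(cfg, trig, "move_file", "acme", "clients/acme/2026/f1.pdf"))
```

The point of the shape is that the only path to `allowed=True` for a side-effecting action is an explicit `(action, target)` approval; scope checks and draft mode fail closed, and an unconfigured `SkillConfig` denies everything, including read-only analysis.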

Concern (medium confidence)
ASI03: Identity and Privilege Abuse
What this means

The agent may need access to a password manager or Drive credentials without the user seeing a clear scope, vault item, or account boundary in the skill metadata.

Why it was flagged

The skill references reading Drive credentials from 1Password, but the registry metadata declares no primary credential or required credential scope.

Skill content
`1password.read` | `1password` | Retrieve Drive credentials if needed
Recommendation

Declare the required integrations and credential scopes, prefer scoped OAuth over password-vault reads, and specify exactly which 1Password item may be accessed and only after user approval.

What this means

Sensitive accounting metadata can remain available across future agent tasks and may be relied on for later classification or duplicate detection.

Why it was flagged

The skill persistently stores extracted accounting metadata, file paths, source message IDs, amounts, invoice numbers, and classification status in local indexes.

Skill content
Per-client index (`~/.openclaw/workspace/clients/<slug>/index.json`) and global index (`~/.openclaw/workspace/index-global.json`).
Recommendation

Review retention, backup, encryption, export, and deletion controls; ensure indexes are scoped to the intended workspace and not reused outside accounting tasks.

What this means

Invoices, bank statements, contracts, and email metadata may be processed by or transferred between several integrations, which increases the importance of account and data-boundary controls.

Why it was flagged

The workflow passes accounting documents and email-derived data through multiple companion skills and providers.

Skill content
`nano_pdf.extract` ... `gog.drive.upload` ... `gog.gmail.fetch_attachment` ... `agentmail.fetch_message`
Recommendation

Confirm which providers receive document contents, limit them to approved accounts and folders, and verify that companion skills enforce identity, origin, and permission checks.

What this means

Legal-validation and classification behavior may depend on unavailable or later-supplied data, which could affect accounting accuracy.

Why it was flagged

The skill references embedded validation assets that are not present in the supplied file manifest, so those rules cannot be reviewed in this artifact set.

Skill content
Embedded reference data: `assets/mentions-obligatoires.json` ... `pcg-2026.json` ... `tva-taux-fr.json`
Recommendation

Include the referenced assets in the package or clearly mark them as unavailable, and pin/review companion skills before enabling automatic classification.
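Three of the concerns on this page (a vault read with no declared credential scope, document contents flowing to several providers, and referenced assets missing from the manifest) are all checkable from the artifacts alone. The script below is an added example of that kind of artifact-only audit; it is not ClawScan's implementation and not part of the skill. The bundle is modelled as a mapping of path to text, the metadata keys `integrations` and `credential_scopes` are assumed, and the sample SKILL.md and roadmap lines are constructed to mirror the excerpts quoted above.

```python
"""Static audit of a skill bundle's tool, credential and asset references (added example).

Assumptions: the bundle is a dict of path -> text, backtick-quoted dotted
identifiers such as `gog.drive.upload` are tool references, backtick-quoted
`assets/...` strings are embedded reference files, and the metadata carries
`integrations` (provider prefixes) and `credential_scopes` (strings such as
"1password:item/<name>"). None of this is a ClawScan or OpenClaw schema.
"""
import re

# Backtick-quoted dotted identifiers: `nano_pdf.extract`, `1password.read`, ...
TOOL_REF = re.compile(r"`([a-z0-9_]+\.[a-z0-9_.]+)`")
# Backtick-quoted embedded asset paths: `assets/tva-taux-fr.json`, ...
ASSET_REF = re.compile(r"`(assets/[^`]+)`")
# Dotted names that are really file names, not tools (e.g. `index.json`).
FILE_SUFFIXES = {"json", "md", "pdf", "txt"}


def collect_refs(files: dict[str, str]) -> tuple[dict, dict]:
    """Map each referenced tool / asset to the markdown files that mention it."""
    tools: dict[str, set[str]] = {}
    assets: dict[str, set[str]] = {}
    for path, text in files.items():
        if not path.endswith(".md"):
            continue
        for m in TOOL_REF.finditer(text):
            name = m.group(1)
            if name.rsplit(".", 1)[-1] in FILE_SUFFIXES:
                continue
            tools.setdefault(name, set()).add(path)
        for m in ASSET_REF.finditer(text):
            assets.setdefault(m.group(1), set()).add(path)
    return tools, assets


def audit_bundle(files: dict[str, str], metadata: dict) -> dict:
    """Return undeclared tools, unscoped password-vault reads and missing assets."""
    declared = set(metadata.get("integrations", []))
    scopes = set(metadata.get("credential_scopes", []))
    tools, assets = collect_refs(files)

    # Every provider prefix a document mentions must be declared in metadata,
    # so reviewers can see which integrations receive document contents.
    undeclared = {t: sorted(p) for t, p in tools.items()
                  if t.split(".", 1)[0] not in declared}

    # A vault read is only acceptable when a specific item scope is declared.
    vault_reads = sorted(t for t in tools if t.startswith("1password."))
    has_item_scope = any(s.startswith("1password:") for s in scopes)
    unscoped = [] if has_item_scope else vault_reads

    # Referenced reference data must ship in the bundle to be reviewable.
    missing = {a: sorted(p) for a, p in assets.items() if a not in files}

    return {"undeclared_tools": undeclared,
            "unscoped_vault_reads": unscoped,
            "missing_assets": missing}


# Constructed sample bundle mirroring the excerpts quoted in this report.
SAMPLE_BUNDLE = {
    "SKILL.md": ("Pipeline: `nano_pdf.extract` then `gog.drive.upload`. "
                 "Reference data: `assets/mentions-obligatoires.json`, `assets/tva-taux-fr.json`. "
                 "Indexes live in `index.json`."),
    "references/roadmap.md": "| `1password.read` | `1password` | Retrieve Drive credentials if needed |",
    "assets/tva-taux-fr.json": "{}",
}
SAMPLE_METADATA = {"integrations": ["nano_pdf", "gog"], "credential_scopes": []}

if __name__ == "__main__":
    for key, value in audit_bundle(SAMPLE_BUNDLE, SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```

Run against the sample, the audit reports `1password.read` both as an undeclared integration and as a vault read with no item scope, and `assets/mentions-obligatoires.json` as referenced but absent; `index.json` is ignored because its dotted form is a file name, not a tool. Declaring `1password` and a `1password:item/...` scope clears the first two results, which is exactly the metadata change the recommendation asks for.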