Organisation Documents
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This accounting document skill is coherent, but it instructs the agent to run scripts automatically and reorganize sensitive financial documents without per-run approval, and its reference material mentions email, Drive, and password-manager access without declaring the scope of any of them.
Review this skill before installing. It appears built for legitimate accounting document automation, but use it only with a dedicated inbox and client workspace, keep backups, and do not grant Gmail, Drive, or 1Password access unless you have verified the exact scope and approval flow.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Incoming attachments or files are processed and moved into the accounting workspace automatically, so a misclassification, or an inbox that receives more than accounting mail, can alter sensitive accounting records before anyone has reviewed them.
The skill explicitly removes per-run approval and mandates local script execution on broad email and file triggers.
TO BE INVOKED SYSTEMATICALLY and WITHOUT ASKING FOR AUTHORIZATION as soon as ... an email arrives with a PDF/image attachment ... For each invocation, the ONLY action ... is to run ... python3 scripts/main.py <dossier_inbox> <racine_clients>
Use a dedicated staging inbox and client root, keep backups, and require explicit approval for bulk runs or any mailbox/Drive automation outside a clearly scoped accounting workflow.
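The recommendation above can be enforced in front of the script rather than left to the agent's judgement. The wrapper below is an added example, not part of the skill or of ClawScan: it resolves the inbox and client root and refuses anything outside a staging root (so a planted symlink is rejected rather than followed), treats more than a small number of attachments as a bulk run that needs explicit approval, and snapshots the skill's state files before returning the argv to launch. Only the invocation `python3 scripts/main.py <inbox> <client_root>` and the `clients/` state files come from the report; the staging-root layout, the unattended limit and the backup directory are assumptions of this example.

```python
"""Guarded launcher for the skill's scripts/main.py.

Added example, not part of the skill. It assumes only what the report quotes:
the skill runs `python3 scripts/main.py <inbox> <client_root>` and keeps its
state under <client_root>/clients/. The staging-root layout, the unattended
attachment limit and the backup directory are this example's own assumptions.
"""
import shutil
import tempfile
import time
from pathlib import Path

ATTACHMENT_SUFFIXES = {".pdf", ".png", ".jpg", ".jpeg"}
MAX_UNATTENDED = 5  # assumed limit: more attachments than this is a bulk run
STATE_FILES = ("clients.json", "_index.json", "_report.json")


def within(path, allowed_root):
    """True if `path` (symlinks resolved) lies inside `allowed_root`."""
    root = Path(allowed_root).resolve()
    target = Path(path).resolve()
    return target == root or root in target.parents


def confine(path, allowed_root):
    """Resolve `path` and refuse anything outside the staging root.

    Resolving first means a symlink planted in the inbox that points at the
    real client folder or the home directory is rejected, not followed.
    """
    if not within(path, allowed_root):
        raise PermissionError(
            f"{Path(path).resolve()} is outside {Path(allowed_root).resolve()}"
        )
    return Path(path).resolve()


def plan_run(inbox, client_root, staging_root, max_unattended=MAX_UNATTENDED):
    """Describe what a run would touch and whether it needs explicit approval."""
    inbox = confine(inbox, staging_root)
    client_root = confine(client_root, staging_root)
    files = sorted(
        p for p in inbox.iterdir()
        if p.is_file() and p.suffix.lower() in ATTACHMENT_SUFFIXES
    )
    return {
        "inbox": inbox,
        "client_root": client_root,
        "files": files,
        "needs_approval": len(files) > max_unattended,
    }


def snapshot(client_root, backup_root):
    """Copy the skill's persistent state files into a timestamped backup dir."""
    dest = Path(backup_root) / time.strftime("%Y%m%dT%H%M%S")
    dest.mkdir(parents=True, exist_ok=True)
    copied = []
    for name in STATE_FILES:
        src = Path(client_root) / "clients" / name
        if src.is_file():
            shutil.copy2(src, dest / name)
            copied.append(name)
    return dest, copied


def guarded_argv(inbox, client_root, staging_root, backup_root, approved=False):
    """Return the argv to launch, after confinement, approval and backup checks."""
    plan = plan_run(inbox, client_root, staging_root)
    if plan["needs_approval"] and not approved:
        raise PermissionError(
            f"{len(plan['files'])} attachments exceed the unattended limit "
            f"of {MAX_UNATTENDED}; explicit approval is required"
        )
    snapshot(plan["client_root"], backup_root)
    return ["python3", "scripts/main.py", str(plan["inbox"]), str(plan["client_root"])]


def build_sample_workspace(n_attachments):
    """Construct a throwaway staging area with placeholder files (sample data)."""
    base = Path(tempfile.mkdtemp(prefix="staging-"))
    inbox = base / "inbox"
    client_root = base / "clients_root"
    inbox.mkdir()
    (client_root / "clients").mkdir(parents=True)
    (client_root / "clients" / "clients.json").write_text("{}\n")
    for i in range(n_attachments):
        (inbox / f"invoice-{i}.pdf").write_bytes(b"%PDF-1.4 placeholder\n")
    (inbox / "notes.txt").write_text("not an attachment type, ignored\n")
    return base, inbox, client_root


if __name__ == "__main__":
    base, inbox, client_root = build_sample_workspace(3)
    print(guarded_argv(inbox, client_root, base, base / "backups"))
```

The returned argv is what an operator (or a hook in front of the agent's tool call) would hand to `subprocess.run`; the wrapper deliberately does not launch the script itself, so the approval decision stays outside the skill's own instructions.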
An agent that follows this reference while holding access to other tools could retrieve and use password-manager credentials for Drive without any declared permission boundary.
The reference material contemplates reading Drive credentials from 1Password, but the registry metadata declares no primary credential, required environment variables, or bounded credential scope.
`1password.read` | `1password` | Retrieval of Drive creds if needed
Do not grant password-manager, Gmail, or Drive access unless the exact account, vault item, permissions, and destination paths are explicitly scoped and confirmed.
Sensitive invoices, bank statements, and email contents may pass through external integrations if those companion workflows are enabled.
The skill's reference contract includes email, webhook, Drive, and companion-skill flows involving accounting documents and email metadata.
Gmail attachment ... AgentMail → webhook ... Drive link ... Download via `gog` ... Email metadata ... Sender address, subject, send date, HTML body.
Connect only trusted mail/Drive integrations, prefer least-privilege accounts, and verify where attachments and metadata are downloaded or uploaded.
The local workspace can accumulate sensitive business names, amounts, bank-statement classifications, and document paths.
The skill persistently stores client mappings, hashes, reports, and accounting document metadata for later reuse.
Writes `clients/clients.json`, `clients/_index.json`, `clients/_report.json`, and prints a short summary.
Store the workspace in a protected location, limit access to it, and define retention/cleanup procedures for reports and indexes.
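The two controls recommended above, restricting access to the workspace and retiring old reports and indexes, are small enough to script. The block below is an added example, not code from the skill: it audits everything under the workspace for group/other permission bits, tightens what it finds to owner-only, and prunes archived reports older than a retention period. The `clients/clients.json`, `_index.json` and `_report.json` names come from the report; the `clients/reports/` archive, the 90-day retention and the mode bits are assumptions of this example.

```python
"""Audit and tighten the local accounting workspace; prune stale reports.

Added example, not part of the skill. It assumes the state files the report
lists (clients/clients.json, _index.json, _report.json) plus an assumed
clients/reports/ archive of dated report copies; the retention period and
the permission bits are this example's own choices.
"""
import os
import stat
import tempfile
import time
from pathlib import Path

DIR_MODE = 0o700    # owner only: the workspace holds client names and amounts
FILE_MODE = 0o600
RETENTION_DAYS = 90  # assumed retention for archived reports and indexes
GROUP_OTHER = stat.S_IRWXG | stat.S_IRWXO


def audit_permissions(root):
    """Return paths under `root` that are accessible to group or other."""
    root = Path(root)
    exposed = []
    for p in [root, *root.rglob("*")]:
        if p.is_symlink():      # never chmod through a link to somewhere else
            continue
        if p.stat().st_mode & GROUP_OTHER:
            exposed.append(p)
    return exposed


def harden(root):
    """Clear group/other bits on everything under `root`; return count changed."""
    changed = 0
    for p in audit_permissions(root):
        p.chmod(DIR_MODE if p.is_dir() else FILE_MODE)
        changed += 1
    return changed


def stale_reports(archive, now=None, retention_days=RETENTION_DAYS):
    """Archived report/index files whose mtime is older than the retention period."""
    now = time.time() if now is None else now
    cutoff = now - retention_days * 86400
    archive = Path(archive)
    if not archive.is_dir():
        return []
    return sorted(
        p for p in archive.iterdir() if p.is_file() and p.stat().st_mtime < cutoff
    )


def prune(archive, now=None, retention_days=RETENTION_DAYS):
    """Delete stale archived reports; return the names removed."""
    removed = []
    for p in stale_reports(archive, now, retention_days):
        p.unlink()
        removed.append(p.name)
    return removed


def build_sample_workspace(now):
    """Construct a sample workspace (placeholder data) with one stale report."""
    root = Path(tempfile.mkdtemp(prefix="accounting-"))
    state = root / "clients"
    archive = state / "reports"
    archive.mkdir(parents=True)
    for name in ("clients.json", "_index.json", "_report.json"):
        (state / name).write_text("{}\n")
    fresh = archive / "_report-recent.json"
    old = archive / "_report-old.json"
    fresh.write_text("{}\n")
    old.write_text("{}\n")
    os.utime(fresh, (now - 5 * 86400, now - 5 * 86400))
    os.utime(old, (now - 200 * 86400, now - 200 * 86400))
    # Deliberately loosen two entries so the audit has something to find.
    (state / "clients.json").chmod(0o644)
    root.chmod(0o755)
    return root, archive


if __name__ == "__main__":
    now = time.time()
    root, archive = build_sample_workspace(now)
    print("exposed before:", [str(p) for p in audit_permissions(root)])
    print("fixed:", harden(root), "exposed after:", audit_permissions(root))
    print("pruned:", prune(archive, now))
```

Run `audit_permissions` first and review its output before `harden`; on a shared machine it is also worth checking that the workspace's parent directories are not world-readable, which this script does not do.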
The skill may fail or require manual package installation, and users must trust the installed local dependency.
The skill depends on an external local binary/package that is not represented in the install spec or required-binaries metadata.
The script calls `pdftotext` (package `poppler-utils`). Install it once on the runtime: `apt install poppler-utils` ... `brew install poppler`
Install poppler from trusted OS package sources and ask the publisher to declare required binaries/install steps in metadata.
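Both the undeclared 1Password reference above and the undeclared `pdftotext` binary are the same kind of gap: the skill's own text names a capability that its registry metadata never declares. The check below is an added example of how such a gap can be found statically; it is neither ClawScan's scanner nor the skill's code. It reads tool ids from the SKILL.md reference table, external binaries and environment variables from the script source, and diffs them against the declared metadata. The `1password.read` table row and the `pdftotext` call are taken from what the report quotes; the other table rows, the script body, and the metadata schema (`permissions`, `required_binaries`, `env`) are constructed sample data for this example.

```python
"""Flag capabilities a skill references but its registry metadata never declares.

Added example of a static check, not ClawScan's code or the skill's. The
SKILL.md table row for `1password.read` and the `pdftotext` call come from the
report; the metadata schema (`permissions`, `required_binaries`, `env`), the
other table rows and the script body are this example's own constructed input.
"""
import json
import re

# Reference-table rows look like: | `tool.action` | `provider` | purpose |
TABLE_ROW = re.compile(r"^\|\s*`([A-Za-z0-9_.-]+)`\s*\|\s*`([A-Za-z0-9_.-]+)`\s*\|")
# subprocess.run(["pdftotext", ...]) and friends: first element is the binary
SUBPROCESS_CALL = re.compile(
    r"subprocess\.(?:run|call|check_call|check_output|Popen)\(\s*\[\s*['\"]([^'\"]+)['\"]"
)
WHICH_CALL = re.compile(r"shutil\.which\(\s*['\"]([^'\"]+)['\"]")
# os.environ["X"], os.environ.get("X"), os.getenv("X")
ENV_READ = re.compile(r"os\.(?:environ\[|environ\.get\(|getenv\()\s*['\"]([A-Z0-9_]+)['\"]")


def referenced_tools(skill_md):
    """Tool ids named in the SKILL.md reference table."""
    found = set()
    for line in skill_md.splitlines():
        m = TABLE_ROW.match(line.strip())
        if m:
            found.add(m.group(1))
    return found


def referenced_binaries(source):
    """External programs the script invokes or probes for."""
    return set(SUBPROCESS_CALL.findall(source)) | set(WHICH_CALL.findall(source))


def referenced_env(source):
    """Environment variables the script reads (a common credential channel)."""
    return set(ENV_READ.findall(source))


def undeclared(skill_md, source, metadata):
    """Everything referenced by the skill that the metadata does not declare."""
    declared_tools = set(metadata.get("permissions", []))
    declared_bins = set(metadata.get("required_binaries", []))
    declared_env = set(metadata.get("env", []))
    return {
        "tools": sorted(referenced_tools(skill_md) - declared_tools),
        "binaries": sorted(referenced_binaries(source) - declared_bins),
        "env": sorted(referenced_env(source) - declared_env),
    }


# Constructed sample input. Only the `1password.read` row and the pdftotext
# call mirror the report; the rest is illustrative.
SKILL_MD = """\
# Organisation Documents
| Tool | Provider | Purpose |
|---|---|---|
| `gmail.read` | `gmail` | Fetch PDF/image attachments |
| `1password.read` | `1password` | Retrieval of Drive creds if needed |
| `drive.download` | `drive` | Download linked documents |
"""

SCRIPT = """\
import os, shutil, subprocess

def extract(pdf):
    if shutil.which("pdftotext") is None:
        raise SystemExit("install poppler-utils")
    return subprocess.check_output(["pdftotext", pdf, "-"]).decode()

TOKEN = os.environ.get("DRIVE_TOKEN")
"""

METADATA = {
    "permissions": ["gmail.read"],
    "required_binaries": ["python3"],
    "env": [],
}


if __name__ == "__main__":
    print(json.dumps(undeclared(SKILL_MD, SCRIPT, METADATA), indent=2))
```

A non-empty `tools`, `binaries` or `env` list is the signal to ask the publisher for a declaration before granting anything, exactly the gap the two findings above describe; the regexes are deliberately narrow, so a script that builds argv dynamically or reads credentials through a library will need a real parser rather than this pattern match.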
