FP&A Engine
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to be a benign, instruction-only FP&A helper, but users should treat the financial, bank, billing, and payroll data it asks for as sensitive.
This skill does not show code execution or external data transfer in the provided artifacts. Before using it, decide what financial data is truly necessary, redact bank account numbers and employee-identifying payroll details, and treat its outputs as decision-support that should be reviewed before board, investor, or operational use.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Confidential company financials or employee payroll information could be included in prompts, analysis outputs, or reports if the user provides it.
The skill is designed to process sensitive financial and payroll information as analysis context. This is expected for FP&A and no persistence or exfiltration is shown, but the data itself is sensitive.
data_available:\n - bank_statements: true/false\n - billing_data: true/false\n - payroll_data: true/false
Share only the data needed for the analysis, redact account numbers and personal payroll details where possible, and verify generated financial reports before distributing them.