Skill v0.1.21
ClawScan security
GridTRX · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 5, 2026, 4:18 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill appears to do what it claims (a local double-entry accounting engine driven by Python with an MCP and CLI interface); requested environment access and binaries align with that purpose and there are no obvious mismatches or hidden exfiltration steps in the provided files.
- Guidance: This skill is coherent with its description, but before installing or running it: (1) set GRIDTRX_WORKSPACE to a dedicated directory (not your home or root) so the tool cannot access unrelated files; (2) review the included Python files yourself (or have a developer do so) if you will run the MCP server — it will expose programmatic tools to any agent that can call it; (3) only install optional dependencies (mcp, flask) from trusted registries and limit network exposure (run MCP only for local agent processes, not on a public interface); (4) treat books.db as sensitive financial data — the docs mention copying/emailing it, but that is a human action you should control; (5) note that the repo is provided with source code included, and the skill does not auto-install unknown binaries, so you remain in control of dependency installation and runtime invocation.
Review Dimensions
- Purpose & Capability (ok): Name/description (accounting engine) matches the included code (models.py, cli.py, mcp_server.py) and the single required binary (python3). GRIDTRX_WORKSPACE is a workspace path used to restrict which SQLite books.db files the tool may open — this is coherent with the stated purpose.
- Instruction Scope (note): SKILL.md and ai.txt instruct the agent to run the CLI or start the MCP server and to operate only on SQLite books inside GRIDTRX_WORKSPACE. The instructions emphasize 'all data is local' and the code enforces an explicit workspace boundary. Note: the docs suggest copying/backing up or emailing the books.db file — that is a user action that can expose sensitive financial data if done carelessly, but it is not performed automatically by the skill.
- Install Mechanism (ok): No install spec is embedded; the repository includes source files and a requirements.txt with optional dependencies (mcp, flask). SKILL.md instructs users to pip install the optional packages before use. There is no download-from-URL or extract step in the skill bundle that would write arbitrary third-party code at runtime.
- Credentials (ok): Only GRIDTRX_WORKSPACE is required (declared as primaryEnv). This is a path, not a secret credential, and is directly used to enforce a workspace boundary. No unrelated secrets or external API keys are requested.
- Persistence & Privilege (ok): always is false. The skill allows autonomous invocation (disable-model-invocation is false), which is standard for skills and expected for agent-driven bookkeeping. The skill does not request system-wide configuration changes or other skills' credentials.
