Skill v1.0.0

ClawScan security

理财小助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 19, 2026, 4:26 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's description matches a personal finance helper, but its runtime instructions call a Python script that the skill neither provides nor installs, and those instructions read and write files under your home directory. The result is an incoherent and potentially risky setup.
Guidance
This skill's intent (personal bookkeeping) is plausible, but the SKILL.md expects a local Python script pocket-money-manager.py that the skill does not provide or install. Before installing or invoking it: 1) Verify the referenced GitHub repo and confirm where pocket-money-manager.py comes from; don't run the skill unless you can inspect the script's source. 2) If you have a file with the same name on your system, be aware the skill would execute it — review that file for malicious behavior. 3) Because it reads/writes ~/.memory/finance/*.json (sensitive financial data), ensure backups and audit file access. 4) Prefer a skill that includes an install spec or an auditable package, or run any untrusted script in a sandbox/container. If you cannot confirm the script's origin and contents, avoid enabling this skill.

Review Dimensions

Purpose & Capability
note: Name/description correspond to a personal finance helper and the declared dependency (python3) is appropriate. However, the SKILL.md expects a script named pocket-money-manager.py to exist and be runnable; no code files or install steps are provided, so it's unclear how the described functionality would actually be delivered.
Instruction Scope
concern: Instructions tell the agent to run python pocket-money-manager.py commands and reference local storage paths (~/.memory/finance/records.json and budget.json). That is coherent for a finance app, but because the skill supplies no implementation, the agent would attempt to execute a script that may not exist — or could run an existing file on the user's system with that name. The instructions read/write files in the user's home, which may contain sensitive financial data.
Install Mechanism
ok: There is no install spec (instruction-only), which is lower-risk than pulling and executing remote archives. The downside is lack of an included, auditable implementation.
Credentials
note: The skill does not request environment variables or external credentials, which is proportionate. It does, however, operate on local files in the user's home directory for storing records/budgets — reasonable for a finance tool but sensitive in nature and worth auditing.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated or cross-skill privileges. It does instruct read/write to user-local paths but does not claim system-wide persistence.