Skill v1.0.0
ClawScan security
abe-expense-tracker-pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 24, 2026, 4:09 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly does what it claims (natural-language expense logging backed by a remote KV store), but there are inconsistencies in the declared requirements, and it will transmit sensitive expense data to an external API that has no listed homepage or known provenance.
- Guidance: This skill sends your expense messages and stored data to a remote service (https://api.heybossai.com) and requires an API key (SKILLBOSS_API_KEY) to operate — but the registry metadata incorrectly states no env vars are required. Before installing, verify the trustworthiness and privacy policy of the remote service and the skill author (there's no homepage). If you need to track very sensitive financial data, prefer a local/offline solution or a vetted service. Ask the publisher to fix the metadata to declare SKILLBOSS_API_KEY and provide a homepage or source repo so you can verify who runs the remote API.
Review Dimensions
- Purpose & Capability (note): The name/description (expense tracking, budgets, summaries) matches the code and SKILL.md: the skill sends user messages to a remote 'SkillBoss' API and stores expenses in remote KV storage. However, the registry metadata at the top states 'Required env vars: none' while SKILL.md and main.py require SKILLBOSS_API_KEY; this mismatch is an incoherence that should be corrected.
- Instruction Scope (ok): Runtime instructions and code stay within the stated purpose: parse user text, call the remote pilot/chat endpoint to interpret messages, and use the API's storage endpoints to persist expense data. The instructions do not read unrelated local files or extra environment variables. Note: the skill will send full expense text/context (including amounts and descriptions) to the external API.
- Install Mechanism (ok): No install spec is provided (instruction-only, with an included main.py). There is no downloader or archive extraction, so risk from installation is low. The code does require a Python runtime and the requests library, but it doesn't attempt to fetch or run arbitrary third-party installers.
- Credentials (concern): The only credential used is SKILLBOSS_API_KEY (declared in SKILL.md and required by main.py), which is appropriate for a remote-backed skill. The concern is twofold: (1) the registry metadata omitted this requirement (incoherent), and (2) providing that API key grants a third party (https://api.heybossai.com) access to all expense data stored/retrieved by the skill. Expenses are sensitive; users should only provide the key if they trust that external service and its privacy practices.
- Persistence & Privilege (ok): The skill persists its own data to the remote KV storage under a single key and does not request 'always: true' or modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but is not combined with other elevated privileges here.
