Skill v2.1.0

ClawScan security

Budget · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 9, 2026, 1:41 PM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill's code mostly matches a local, privacy-first budget tool, but the runtime instructions advertise many scripts and features that are not present — that mismatch is an incoherence you should resolve before trusting it.
Guidance
This skill mostly looks like a local, privacy-first budgeting tool: scripts read and write JSON files under ~/.openclaw/workspace/memory/budget and there are no network calls or credential requests. However, the SKILL.md repeatedly references many scripts and features that are not included in the package (reports, exports, alert scripts, category_status/overage_analysis/generate_report/export_data, etc.). Before installing or using it:
1) ask the publisher why those referenced scripts are missing or request a complete release;
2) inspect any additional scripts before running them;
3) be aware the provided scripts write to ~/.openclaw/workspace/memory/budget; back up any existing data there and confirm you are comfortable with that path;
4) run the code in an isolated environment (or sandbox) if you want to test; and
5) if you need the missing features, require the author to supply them or update the documentation.
The mismatch between documentation and included code is the main reason this is flagged as suspicious rather than benign.

Review Dimensions

Purpose & Capability
note · The stated purpose (local, privacy-first budget management) aligns with the files provided: the scripts read/write JSON under a local workspace path and include budget/expense operations. However, the SKILL.md advertises many additional scripts and features (category_status.py, overage_analysis.py, generate_report.py, export_data.py, alert management scripts, etc.) that are referenced in documentation but are not present in the file manifest. This is an inconsistency between claimed capabilities and included code.
Instruction Scope
concern · SKILL.md directs the agent to run many scripts and shows workflows that rely on scripts that don't exist in the package. The instructions otherwise confine operations to local storage and do not instruct any network or credential access; the included scripts operate only on local JSON files under ~/.openclaw/workspace/memory/budget. Missing script references give the agent broad but unfulfilled expectations and could lead to runtime errors or unintended fallbacks.
Install Mechanism
ok · There is no install spec (instruction-only), which minimizes risk because nothing is downloaded or installed automatically. All code present is plain Python scripts that would be executed locally if invoked.
Credentials
ok · The skill requests no environment variables, no credentials, and the scripts do not access external config or secret stores. They create/read/write files under a user-scoped path (~/.openclaw/workspace/memory/budget), which is proportional for a local budgeting tool.
Persistence & Privilege
ok · The skill does not request always:true and does not modify other skills or system-wide settings. Its persistence is limited to storing JSON under the user's workspace directory; this is expected for a local data-focused tool.