Lab Budget Forecaster
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to be a simple local budget-forecasting script with no evidence of hidden network access, credentials use, persistence, or destructive behavior.
This skill looks safe for ordinary use as a local lab-budget calculator. Before installing or using it, note that it runs a Python script and can read an expenses CSV you provide. Also verify the actual command-line options in the script, because the documentation and script arguments are not perfectly consistent.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may run local Python code to calculate budget forecasts.
The skill instructs use of a packaged local Python script. This is expected for the stated forecasting workflow, but users should still understand that local code execution is part of using the skill.
python scripts/main.py --help
Run it only with intended inputs and review the generated output before relying on it for decisions.
The script can read the expenses file path provided by the user.
The script can read a user-provided CSV file path. This is purpose-aligned for budget analysis and no broader file traversal, credential access, or network transmission is shown.
parser.add_argument("--expenses", help="Expenses CSV file")Provide only the intended CSV file and avoid pointing the tool at unrelated private files.