Subscription Killer
AdvisoryAudited by Static analysis on May 5, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The script can process the bank CSV file you point it at and include transaction-derived information in its report.
The skill expects local Python execution against a file path supplied by the user. This is purpose-aligned, but it means the agent/script can read the specified CSV.
Usage:
python3 subscription_killer.py --file transactions.csvRun it only on the intended bank export, preferably in a local trusted workspace, and do not provide broader file paths than needed.
It is harder to independently confirm that the reviewed script exactly matches the intended release.
The registry lacks a public source/homepage, and the provided SKILL.md/script labels show version 1.1.0, creating a minor provenance and release-label mismatch.
Source: unknown; Homepage: none; Version: 1.3.0
Verify the package source or maintainer if possible, and review the local script before running it on real bank data.
Personal financial details may be visible to the agent session and in the generated report.
Bank transaction exports can reveal merchants, spending habits, dates, and amounts. The artifacts show local analysis and reporting, not persistence or transmission, but the data is still sensitive.
The skill accepts any CSV export from a personal bank account.
Use only the minimum necessary CSV, redact unrelated rows if possible, and avoid sharing the generated report publicly.