Refund Radar

Pass. Audited by ClawScan on May 1, 2026.

Overview

Refund Radar is a coherent local bank-statement review skill, but it handles sensitive financial data, stores local reports/state, and references a Python module that is not bundled with the skill.

Before installing or using this skill, make sure you are comfortable giving it bank statement exports or pasted transactions. Keep the generated HTML/JSON reports private, delete or reset local state when finished, and verify any external refund_radar Python package before running it on financial data.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user installs or runs a separate refund_radar package, that external code would process their bank statement data.

Why it was flagged

The skill instructs use of a Python module, while the provided package is described as instruction-only with no included code or install spec. This is not malicious, but users should verify any external module or repository before running it.

Skill content

python -m refund_radar analyze --csv statement.csv

Recommendation

Only run a separately installed module from a trusted, reviewed source, and confirm it matches the documented local-only behavior.

What this means

Financial transaction history and learned merchant decisions may remain on the device and influence future analyses.

Why it was flagged

The skill explicitly stores learned merchant preferences and raw transaction analysis locally, which may include sensitive financial patterns and merchant history.

Skill content

`~/.refund_radar/state.json` | Learned preferences, merchant history
...
`~/.refund_radar/reports/YYYY-MM.json` | Raw analysis data

Recommendation

Use this on a trusted device, avoid shared accounts, review generated files before sharing, and use the documented reset/delete workflow when the data is no longer needed.