Refund Radar
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user installs or runs a separate refund_radar package, that external code would process their bank statement data.
The skill instructs use of a Python module, while the provided package is described as instruction-only with no included code or install spec. This is not malicious, but users should verify any external module or repository before running it.
python -m refund_radar analyze --csv statement.csv
Only run a separately installed module from a trusted, reviewed source, and confirm it matches the documented local-only behavior.
Financial transaction history and learned merchant decisions may remain on the device and influence future analyses.
The skill explicitly stores learned merchant preferences and raw transaction analysis locally, which may include sensitive financial patterns and merchant history.
`~/.refund_radar/state.json` | Learned preferences, merchant history ... `~/.refund_radar/reports/YYYY-MM.json` | Raw analysis data
Use this on a trusted device, avoid shared accounts, review generated files before sharing, and use the documented reset/delete workflow when the data is no longer needed.