Refund Radar
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: refund-radar
Version: 1.0.1
The OpenClaw AgentSkills skill bundle 'refund-radar' is classified as benign. All operations are explicitly stated to be local-first with no network calls or external APIs, a claim supported by the HTML/JavaScript which lacks any network requests. The SKILL.md instructions are clear, task-oriented, and do not contain any prompt injection attempts to manipulate the agent into malicious actions. File writes are confined to a dedicated `~/.refund_radar/` directory, and the Python component is stated to have no external dependencies, minimizing supply chain risks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user installs or runs a separate refund_radar package, that external code would process their bank statement data.
The skill instructs use of a Python module, while the provided package is described as instruction-only with no included code or install spec. This is not malicious, but users should verify any external module or repository before running it.
python -m refund_radar analyze --csv statement.csv
Only run a separately installed module from a trusted, reviewed source, and confirm it matches the documented local-only behavior.
Financial transaction history and learned merchant decisions may remain on the device and influence future analyses.
The skill explicitly stores learned merchant preferences and raw transaction analysis locally, which may include sensitive financial patterns and merchant history.
`~/.refund_radar/state.json` | Learned preferences, merchant history ... `~/.refund_radar/reports/YYYY-MM.json` | Raw analysis data
Use this on a trusted device, avoid shared accounts, review generated files before sharing, and use the documented reset/delete workflow when the data is no longer needed.
