Watch My Money

ReviewAudited by ClawScan on May 1, 2026.

Overview

This looks like a local, user-directed budgeting/reporting skill, with the main considerations being persistent financial records and example CLI commands for a module not included in the artifacts.

This skill appears coherent and local-only. Before using it, remember that bank transactions and generated reports are sensitive and will be saved under `~/.watch_my_money/`; delete that folder or use the reset flow when you no longer want the data kept. Also, the HTML privacy toggle only blurs what is displayed and should not be used as a safe way to share a sanitized report.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Medium

#ASI06: Memory and Context Poisoning

What this means

Bank transaction details, merchant names, budgets, and reports may remain available locally after the analysis is done.

Why it was flagged

The skill intentionally keeps financial history and reports for future runs. This is purpose-aligned and disclosed, but it creates persistent sensitive records on the user's device.

Skill content

Persist to `~/.watch_my_money/`: `state.json` - budgets, merchant overrides, history; `reports/YYYY-MM.json`; `reports/YYYY-MM.html`

Recommendation

Use on a trusted device, avoid sharing the generated report files unless intended, and delete or reset `~/.watch_my_money/` when you no longer want the data retained.

Low

#ASI09: Human-Agent Trust Exploitation

What this means

A generated HTML report can still contain the original financial details even when the privacy view is enabled.

Why it was flagged

The report's privacy mode is a reversible visual blur, not removal or encryption of the underlying data. The template also reveals blurred content on hover.

Skill content

body.privacy-mode .blur-target { filter: blur(5px); user-select: none; } ... body.privacy-mode .blur-target:hover { filter: none; }

Recommendation

Do not treat the privacy toggle as redaction. If you need to share a report, create a separately redacted version or remove sensitive fields.

Low

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

If a user tries to install or run a separate `watch_my_money` package, that code is outside the reviewed artifacts.

Why it was flagged

The documentation references a Python module to run, while the supplied artifact set says this is an instruction-only skill with no code files or install spec. This is not automatic execution, but any actual module used would need separate provenance review.

Skill content

python -m watch_my_money analyze --csv path/to/file.csv --month 2026-01

Recommendation

Do not install or run an external module with this name unless you independently trust and review its source.