Watch My Money
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Bank transaction details, merchant names, budgets, and reports may remain available locally after the analysis is done.
The skill intentionally keeps financial history and reports for future runs. This is purpose-aligned and disclosed, but it creates persistent sensitive records on the user's device.
Persist to `~/.watch_my_money/`: `state.json` - budgets, merchant overrides, history; `reports/YYYY-MM.json`; `reports/YYYY-MM.html`
Use on a trusted device, avoid sharing the generated report files unless intended, and delete or reset `~/.watch_my_money/` when you no longer want the data retained.
A generated HTML report can still contain the original financial details even when the privacy view is enabled.
The report's privacy mode is a reversible visual blur, not removal or encryption of the underlying data. The template also reveals blurred content on hover.
body.privacy-mode .blur-target { filter: blur(5px); user-select: none; } ... body.privacy-mode .blur-target:hover { filter: none; }
Do not treat the privacy toggle as redaction. If you need to share a report, create a separately redacted version or remove sensitive fields.
If a user tries to install or run a separate `watch_my_money` package, that code is outside the reviewed artifacts.
The documentation references a Python module to run, while the supplied artifact set says this is an instruction-only skill with no code files or install spec. This is not automatic execution, but any actual module used would need separate provenance review.
python -m watch_my_money analyze --csv path/to/file.csv --month 2026-01
Do not install or run an external module with this name unless you independently trust and review its source.
