Fin Audit Automator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
On its face the skill is a local financial-audit helper, but it makes strong security and compliance promises that the included code does not enforce.
Do not rely on the advertised sandbox, network isolation, tamper-proof logs, or automatic data masking without independent verification. Use only test or sanitized data until the publisher provides consistent versioning, pinned dependencies, explicit credential declarations, real sandbox/network controls, and clear log-retention procedures.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may trust the skill with sensitive financial records based on security promises that are not actually enforced by the provided code.
These are strong security assurances for financial data. The included implementation does not substantiate them: index.py does not call secure_execute, modules/sandbox.py only clears proxy environment variables, audit logs are normal appendable files, and masking is not applied to the main outputs. Unsetting proxy variables only changes how proxy-aware clients route traffic; it does not stop the process from opening direct network connections, so it is not network isolation.
From the skill's description (translated from Chinese): 🔒 Local processing: all data is handled in a local sandbox and never uploaded to the cloud; 🚫 Network isolation: only whitelisted intranet access is allowed, public internet access is blocked; 📝 Audit trail: every operation is recorded in a tamper-proof audit log; 🛡️ Data masking
Treat this as a basic local script unless the publisher provides real sandboxing, enforced network controls, tamper-evident logging, and documented masking behavior.
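The "tamper-proof audit log" claim is the one a reviewer can test most directly. A plain appendable text file gives a verifier nothing to check, while a hash-chained log makes each record commit to the hash of the record before it, so an in-place edit or a deleted line is detected at a known position. The example below is added here to show that check; it is not the skill's code, and the record layout, the file name and the sample records are constructed for illustration.

```python
from __future__ import annotations

import hashlib
import json
import tempfile
from pathlib import Path

# Added example, not the skill's code. Each record stores the previous record's
# hash plus a hash over (prev_hash, canonical payload); verification replays the
# chain from a fixed genesis value. Record layout is a hypothetical choice here.

GENESIS = "0" * 64  # prev-hash value used for the first record


def record_hash(prev_hash: str, payload: dict) -> str:
    """SHA-256 over the previous hash and the canonical JSON of the payload."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}\n{canonical}".encode("utf-8")).hexdigest()


def append_record(log_path: Path, payload: dict) -> str:
    """Append one record linked to the current last record; returns its hash."""
    prev_hash = GENESIS
    if log_path.exists():
        lines = log_path.read_text(encoding="utf-8").splitlines()
        if lines:
            prev_hash = json.loads(lines[-1])["hash"]
    entry = {"prev": prev_hash, "payload": payload,
             "hash": record_hash(prev_hash, payload)}
    with log_path.open("a", encoding="utf-8") as f:
        f.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry["hash"]


def verify_chain(log_path: Path) -> tuple[bool, int]:
    """Walk the log from GENESIS; return (ok, index of first bad record or -1)."""
    prev_hash = GENESIS
    for i, line in enumerate(log_path.read_text(encoding="utf-8").splitlines()):
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            return False, i
        if entry.get("prev") != prev_hash:
            return False, i          # a record was removed or reordered
        if record_hash(prev_hash, entry.get("payload", {})) != entry.get("hash"):
            return False, i          # a record was edited in place
        prev_hash = entry["hash"]
    return True, -1


def demo() -> dict:
    """Write three constructed records, then edit and delete the second one."""
    with tempfile.TemporaryDirectory() as tmp:
        log = Path(tmp) / "audit_chain.log"   # temp file, not the skill's real path
        for action in ("load_ledger", "run_checks", "export_report"):
            append_record(log, {"user": "u-42", "action": action})
        before = verify_chain(log)
        # Rewrite the second record's payload but leave its stored hash alone.
        lines = log.read_text(encoding="utf-8").splitlines()
        tampered = json.loads(lines[1])
        tampered["payload"]["action"] = "nothing_to_see"
        lines[1] = json.dumps(tampered, sort_keys=True)
        log.write_text("\n".join(lines) + "\n", encoding="utf-8")
        after_edit = verify_chain(log)
        # Now drop the middle record: the third record's prev no longer matches.
        del lines[1]
        log.write_text("\n".join(lines) + "\n", encoding="utf-8")
        after_delete = verify_chain(log)
        return {"before": before, "after_edit": after_edit, "after_delete": after_delete}


if __name__ == "__main__":
    print(demo())
```

A chain like this is tamper-evident, not tamper-proof: anyone who can rewrite the whole file can recompute every later hash. Meeting the advertised claim also needs the chain head anchored outside the file the skill writes, for example a periodically signed checkpoint or a copy to a write-once store, which is exactly what a reviewer should ask the publisher to show.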
Users may not be able to reproduce exactly what dependency versions will run, and the version mismatch makes review and support harder.
The package version differs from the registry/SKILL versions, and dependencies are broad lower-bound ranges without a lockfile or install spec. This is a provenance and reproducibility note, not evidence of malicious code.
"version": "1.0.0", ... "dependencies": { "pandas": ">=1.3.0", "numpy": ">=1.21.0", "sqlalchemy": ">=1.4.0", "cryptography": ">=3.4.0", "jieba": ">=0.42.1" }
Ask for a consistent release version, a dependency lockfile, and clear installation instructions before using it in a regulated environment.
If these environment variables are present, the skill can read them, even though the registry does not make that credential surface clear.
The code reads optional SkillPay-related environment values even though registry metadata declares no credentials or environment variables. No artifact shows the key being logged or transmitted.
API_KEY = os.environ.get('SKILLPAY_API_KEY', '')
SKILL_ID = os.environ.get('SKILLPAY_SKILL_ID', '')
Run with only the environment variables you intend to expose, and have the publisher declare the optional billing credentials in the metadata.
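The gap here is between what the code reads from the environment and what the registry metadata declares. That can be checked before running anything by walking the Python AST for environment lookups and diffing the names against the declaration. The example below is added for that purpose; it is not the skill's or ClawScan's code, and the sample source (which reuses the two reads quoted above plus constructed extras) and the sample metadata are constructed.

```python
from __future__ import annotations

import ast

# Added example, not the skill's or ClawScan's code. Collects every environment
# variable name read via os.environ[...], os.environ.get(...) or os.getenv(...)
# and reports the ones a metadata declaration does not mention.

DYNAMIC = "<dynamic>"  # marker for keys built at runtime rather than string literals


def _key_name(node: ast.AST) -> str:
    """Literal key of an env lookup, or DYNAMIC when it is not a string constant."""
    index_cls = getattr(ast, "Index", None)      # Python 3.8 wraps slices in ast.Index
    if index_cls is not None and isinstance(node, index_cls):
        node = node.value
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return DYNAMIC


def _is_environ(node: ast.AST) -> bool:
    """True for `os.environ` (attribute form) or a bare `environ` name import."""
    if isinstance(node, ast.Attribute):
        return node.attr == "environ"
    return isinstance(node, ast.Name) and node.id == "environ"


def env_reads(source: str) -> set[str]:
    """Environment variable names the given Python source reads."""
    names: set[str] = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Subscript) and _is_environ(node.value):
            names.add(_key_name(node.slice))                  # os.environ["X"]
        elif isinstance(node, ast.Call) and node.args:
            func = node.func
            environ_get = (isinstance(func, ast.Attribute) and func.attr == "get"
                           and _is_environ(func.value))        # os.environ.get("X")
            getenv = ((isinstance(func, ast.Attribute) and func.attr == "getenv")
                      or (isinstance(func, ast.Name) and func.id == "getenv"))  # os.getenv("X")
            if environ_get or getenv:
                names.add(_key_name(node.args[0]))
    return names


def undeclared_env(source: str, declared: list[str]) -> list[str]:
    """Names the code reads that the metadata declaration leaves out, sorted."""
    return sorted(env_reads(source) - set(declared))


# Constructed sample source: the two reads quoted in the report plus typical extras.
SAMPLE_SOURCE = """
import os
API_KEY = os.environ.get('SKILLPAY_API_KEY', '')
SKILL_ID = os.environ.get('SKILLPAY_SKILL_ID', '')
home = os.environ["HOME"]
proxy = os.getenv("HTTPS_PROXY")
token = os.environ.get(prefix + "_TOKEN")
"""

# Constructed metadata: what a registry entry for the sample claims it needs.
SAMPLE_METADATA = {"env": ["HOME"]}


if __name__ == "__main__":
    for name in undeclared_env(SAMPLE_SOURCE, SAMPLE_METADATA["env"]):
        print("undeclared environment read:", name)
```

Run it over every module in the skill, not just index.py, and treat a `<dynamic>` hit as a reason to read that call site by hand: a key assembled at runtime can reach any variable in the process environment. The resulting list is what the publisher should be asked to declare.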
Local files may retain user IDs, request types, errors, and usage counts after the audit task finishes.
The skill persists audit actions and trial-usage state locally. This is consistent with audit logging and trial limits, but the artifacts do not describe retention, cleanup, or exactly what identifiers may be stored.
AUDIT_LOG_FILE = Path("~/.openclaw/fin_audit_logs/audit_chain.log").expanduser() ... self.trial_dir = Path("~/.openclaw/skill_trial").expanduser()
Review the files under ~/.openclaw/fin_audit_logs and ~/.openclaw/skill_trial, and define retention/deletion procedures for regulated data environments.
