Pension
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: pension Version: 2.0.0 The Pension skill is a local personal finance tool designed to log and track financial entries entirely offline. Analysis of the shell script (scripts/script.sh) shows it only interacts with a local data directory (~/.local/share/pension/) and lacks any network capabilities, data exfiltration logic, or persistence mechanisms. While the SKILL.md file contains some unusual shell-like syntax (e.g., $(du -sh ...)) within a documentation table, these appear to be poorly formatted examples of the tool's expected output rather than malicious prompt injection attempts. The script handles user input safely without the use of eval or other dangerous execution functions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your pension or finance notes, history, and exported reports may remain on disk until you delete them.
The skill intentionally keeps persistent local records of finance-related user input; this is purpose-aligned, but the data may be sensitive.
All data is stored locally at `~/.local/share/pension/`. Each action is logged with timestamps.
Only record information you are comfortable storing locally, protect your user account/device, and periodically review or delete old logs and exports if needed.
You may need to inspect or understand how the included script is installed or invoked before trusting it.
The artifact has limited provenance and setup documentation while including a shell script and documenting a `pension` CLI command. No remote download or automatic execution is shown.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the included script and only install or alias the command from a source you trust.