Just Fucking Cancel

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If Plaid mode is used, the skill may access transaction history for a connected bank account through Plaid.

Why it was flagged

The skill discloses optional Plaid credentials for connected bank transaction access. This is aligned with the subscription-audit purpose, but it is sensitive account-linked authority.

Skill content

`PLAID_CLIENT_ID`, `PLAID_SECRET`, `PLAID_ACCESS_TOKEN` - Access token for the bank connection

Recommendation

Prefer CSV mode if you do not need Plaid; if using Plaid, use only the intended account connection and revoke or rotate access when finished.

What this means

Using Plaid sends financial transaction data to Plaid, while CSV mode is described as local-only.

Why it was flagged

The artifact clearly discloses an external provider data flow for Plaid mode. This is expected for the integration, but it means transaction data leaves the local workflow.

Skill content

**Privacy note**: When using Plaid, transaction data is transmitted to Plaid's API. CSV analysis is fully local.

Recommendation

Use Plaid only if you are comfortable with Plaid receiving the transaction data needed for the audit.

What this means

A generated report may still contain subscription names and costs even when the privacy toggle is enabled.

Why it was flagged

The privacy mode visually blurs service names but does not redact them from the HTML, and names can reappear on hover.

Skill content

body.privacy-mode .service-name { filter: blur(5px); user-select: none; } body.privacy-mode .service-name:hover { filter: none; }

Recommendation

Do not share the raw HTML report unless you have reviewed or redacted the underlying service names and amounts.

What this means

Users may be unsure whether the skill only provides cancellation links or can automate account changes.

Why it was flagged

This publishing note conflicts with SKILL.md's runtime statement that there is 'No automated browser interaction.' No executable automation is present, but the documentation inconsistency could confuse users.

Skill content

- Browser automation for cancellations

Recommendation

Treat the current SKILL.md manual-cancellation workflow as the operative behavior, and update or ignore the stale publishing note before relying on the skill.