Accounting Finance System Research Skill
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent and purpose-aligned, with expected cautions around finance-system guidance, web research, and an optional Python package install.
This appears safe to use as a research-and-documentation helper. Before installing or invoking it, be mindful that it may discuss production finance processes, install `python-docx`, run a local DOCX-generation script, and perform web research. Avoid sharing secrets or unnecessary confidential transaction details, review the cited sources, and confirm with the appropriate finance or system administrator before making live-system changes.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user follows incorrect guidance in a live finance system, it could affect accounting records or reporting.
The skill may advise on actions that affect accounting records or close/reporting workflows, including production environments. It does not directly perform these actions, and the workflow includes confirmations and risk checks.
What exact outcome do you need (create, post, reverse, reconcile, report, close)? ... Is this production, sandbox, or test environment?
Treat the output as guidance, verify cited vendor sources, and get appropriate finance/admin approval before making production changes.
Permission advice could influence access granted inside financial systems.
The skill asks about roles, permissions, and possible temporary access as part of ERP troubleshooting. This is expected for the purpose, and there is no request for passwords, tokens, or direct account access.
What role/profile are you using? ... Can an admin grant temporary access if needed?
Do not share credentials, and only grant temporary access through normal approval and least-privilege processes.
Sensitive business context could be exposed to external search or web providers if included in research queries.
External web research is disclosed and confirmation-gated, but search queries or browsing context could include details from the user's finance-system scenario.
Restate understanding and wait for confirmation before web research. Research the internet after confirmation, prioritizing official vendor guidance.
Keep search terms generic when possible and avoid including confidential transaction IDs, customer/vendor names, or proprietary financial details in web research.
Installing any unpinned package depends on the package index and local Python environment.
The skill discloses an optional third-party Python dependency install, but the package version is not pinned. This is expected for generating DOCX files and no suspicious install behavior is shown.
Install once if needed: python -m pip install --user python-docx
Install `python-docx` from a trusted package source, consider pinning a known-good version, and run the helper in a normal user environment.