Bank Recon Skill
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Bank Recon appears to be a legitimate local reconciliation helper, but users should remember it reads bank/ledger files and creates Excel copies containing financial data.
Use this only with the specific bank statement and GL files you intend to reconcile. Provide explicit file paths, choose a safe new output location, and handle or delete the generated `_extracted.xlsx` and reconciliation workbook according to your financial-data retention practices.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Supplying or inferring the wrong files could process unintended financial records or place an output workbook somewhere unexpected.
The skill intentionally has the agent run a local helper against user-provided financial file paths and an output path; this is necessary for the task but makes path selection important.
Run `scripts/recon_logic.py` with the bank file, GL file, output file, and threshold.
Provide explicit bank, GL, and output paths and review the generated workbook before using it for accounting decisions.
Bank transaction details may remain in an additional Excel file after the task completes.
PDF processing creates an extra persistent workbook containing extracted statement rows; this is disclosed and purpose-aligned but adds another local copy of financial data.
When the bank input is a PDF, the script also creates a companion extracted workbook beside the PDF (same basename with `_extracted.xlsx`).
Store outputs in an appropriate secure folder and delete the extracted workbook if you do not need to keep it.