Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Finance Report Pro

v1.0.1

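Personal finance report generator, professional edition. AI analyzes your personal financial situation, provides financial advice, and generates a professional PDF report. Includes income and expense analysis, asset and liability assessment, financial goal planning, and passive income suggestions. Funnels users to paid products (FB Ads / e-commerce). Use when: (1) you need to analyze your personal financial situation, (2) you need to generate a financial report, (3) you need financial advice, (4) you need asset...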

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match the included analyzer and report generator: both compute scores and produce a Markdown report. However SKILL.md and the documented file tree refer to a pdf_exporter.py, docs, and templates that are not present in the package; the README also emphasizes PDF export and funneling users to paid services, but the shipped code only generates Markdown and inlines marketing/contact links. This mismatch (claimed PDF export + missing file) is an inconsistency.
Instruction Scope
Runtime instructions and code operate only on provided financial data and generate reports; there are no commands to read unrelated files, environment variables, or make network calls. Still, SKILL.md's marketing/monetization steps (collecting emails, funneling to paid products) are described but not implemented in code, and the skill does not state how it will handle/retain sensitive user financial data — a privacy scope gap.
Install Mechanism
No install spec (instruction-only) and the Python source is included. Nothing is downloaded or executed outside the local code, so install mechanism risk is low.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate to the declared functionality. Note: because the skill processes sensitive financial inputs, the absence of any declared telemetry/storage settings is notable — there is no code here that exfiltrates data, but the packaging lacks a data-handling/privacy statement.
Persistence & Privilege
always:false and no code that modifies other skills or system settings. The skill does not request persistent privileges or autonomous always-on behavior.
What to consider before installing
This package mainly contains local analysis and a Markdown report generator; no network calls or credentials are requested, which is good. However:
(1) SKILL.md claims a pdf_exporter and other docs/templates that are missing. Ask the publisher for the missing files or an updated package before using.
(2) The skill will process sensitive personal financial data; confirm how reports are stored, whether anything is sent to external services, and where PDF export (if present) writes files.
(3) Verify the contact links (email/Telegram/Calendly) independently before trusting them for payments or scheduling.
(4) If you plan to run this on real user data, review/complete the PDF exporter and add explicit privacy/retention controls and, if needed, logging/telemetry opt-outs.
If the missing pdf_exporter is required for your workflow, treat the package as incomplete until provided.

Like a lobster shell, security has layers — review code before you run it.

latestvk975kw8t7vdk5g6hgj7rsh5n5n83vyq3
