Finance Report Pro
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill’s code matches its finance-report purpose and shows no network, credential, persistence, or destructive behavior, but it does embed paid-service promotions in the generated report.
Safe to review/install from a security perspective, but only enter financial details you are comfortable sharing with the agent context, and be aware that the generated report includes marketing for paid services.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Generated financial reports may include sales-oriented recommendations for paid services alongside financial analysis.
The skill explicitly says one goal is to funnel users toward paid products, so users should treat product recommendations as promotional rather than neutral financial advice.
目標:引流到付費產品(FB Ads / 電商)
Review any paid-service recommendations separately and do not treat them as independent financial advice.
The skill may not actually generate PDFs as advertised unless additional files are supplied elsewhere.
The documentation references a PDF exporter and other supporting files, but the provided manifest only contains SKILL.md, src/analyzer.py, and src/report_generator.py. This suggests incomplete packaging or documentation drift, not malicious behavior.
src/pdf_exporter.py # PDF 導出器
Confirm the available features before relying on PDF export or any missing documented components.