Budgetly
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: budgetly Version: 2.0.1 BudgetLy is a local-only personal finance toolkit implemented as a Bash script. It manages financial records by appending timestamped entries to plain-text log files within the user's local data directory (~/.local/share/budgetly/). The script (scripts/script.sh) uses standard Unix utilities like grep, tail, and du, and contains no network calls, credential access, or suspicious execution patterns. The documentation (SKILL.md) accurately reflects the code's functionality without any prompt-injection risks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any tool with access to the user's local files could read the saved spending, balance, tax, or budget notes.
The skill intentionally keeps user-entered financial data in persistent plaintext local logs, which is purpose-aligned but sensitive.
All entries are timestamped and stored in plain-text log files... All data is stored in `~/.local/share/budgetly/`
Avoid storing highly sensitive account details or secrets in entries, protect the local data directory, and review exported files before sharing them.
A user may need to verify how the `budgetly` command is installed and that the script being run matches the reviewed artifact.
The package includes a Bash script and documents a CLI command, but the install mechanism and required runtime binaries are not declared in the registry metadata.
No install spec — this is an instruction-only skill. Code file presence: scripts/script.sh
Install only from the expected source, inspect the script before placing it on PATH, and ensure Bash and the documented Unix utilities are available.