Paycheck
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill appears to be advertised as a paycheck calculator, but the provided artifacts mostly implement a local logging tool for paycheck-related entries.
Install only if you want a local paycheck-related logging tool, not a verified salary or tax calculator. Be aware that entered salary, tax, and deduction details are saved under `~/.local/share/paycheck/`; review or remove those files if the information is sensitive.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user expecting take-home-pay calculations may instead have their salary, tax, or deduction details saved as local notes without receiving a real calculation.
The skill is described as a paycheck/tax calculator, but the command documentation describes recording entries. This mismatch could cause users or agents to rely on it for calculations it does not actually perform.
description: "Calculate salary breakdowns with taxes and deductions..." ... `paycheck run <input>` | Record a run entry
Treat this as a logging utility unless the maintainer provides actual calculation logic and clearer documentation. Do not rely on it for payroll or tax decisions without independent verification.
Financial details entered into the tool may remain on disk and be searchable or exportable later.
The skill persistently stores paycheck-related inputs and history locally. This is disclosed and scoped, but salary and deduction details can be sensitive.
All data is stored locally in `~/.local/share/paycheck/` ... `history.log` — Unified activity log with timestamps for every recorded action.
Avoid entering sensitive payroll details unless local persistence is acceptable, and delete or protect `~/.local/share/paycheck/` if needed.
Users may not know how the included script is installed or invoked, and the registry requirements do not fully describe the shell utilities the script needs.
The package includes a shell script, but the metadata does not declare an install mechanism or required binaries. No automatic execution or hidden dependency is shown, so this is a provenance/packaging clarity note rather than a direct security concern.
No install spec — this is an instruction-only skill. ... Code file presence: scripts/script.sh
Review the included script before using it and prefer an updated package with explicit install and runtime requirements.