Personal Bookkeeper
PassAudited by ClawScan on May 1, 2026.
Overview
This is a local personal-finance logging tool with no evidenced network or credential behavior, but it stores sensitive financial notes in plain-text files.
This appears safe to use as a local finance note logger. Before installing, confirm what provides the `personal-bookkeeper` command, and treat the log and export files as sensitive personal financial records.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may need to verify what executable is actually being run as `personal-bookkeeper`.
The skill documents a CLI command and includes a script, but the registry does not declare how that command is installed or wrapped.
No install spec — this is an instruction-only skill. Code file presence: scripts/script.sh
Review the included script and ensure the installed command points to the expected local artifact; avoid adding remote install steps not shown in the artifacts.
Anyone or anything with access to the user's local files, backups, or exported reports could read the recorded financial notes.
The skill persistently stores and exports potentially sensitive personal finance entries in unencrypted local files.
All data is stored as plain-text log files in `~/.local/share/personal-bookkeeper/` ... Export produces files at `~/.local/share/personal-bookkeeper/export.{json,csv,txt}`Do not enter bank credentials or unnecessary account details; protect the data directory and review exported files before sharing them.