Receipt

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This receipt skill appears to be a local-only finance logging tool, but users should remember that it stores and exports potentially sensitive spending and tax information on disk.

This skill looks safe for local receipt tracking if you are comfortable storing expense data under ~/.local/share/receipt. Treat the logs and export files as sensitive financial records and review them before sharing.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI06: Memory and Context Poisoning

Low

What this means

Your spending history, budget notes, and tax notes may remain on your computer and be included in exports until you delete them.

Why it was flagged

The skill stores receipt, budget, balance, and tax-related notes persistently and can export the complete local dataset.

Skill content

All data is persisted locally in `~/.local/share/receipt/` ... Every action is also appended to `history.log` ... Generated exports are saved as `export.json`, `export.csv`, or `export.txt`

Recommendation

Avoid entering secrets or account credentials, protect the local data directory, and review exported files before sharing them.