Financial Tracker
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only finance tracker is coherent and purpose-aligned, but it stores sensitive business finance records and offers optional scheduled/Telegram summaries that users should review before enabling.
This looks reasonable as an instruction-only local finance tracker. Before installing, decide where the finance directory should live, keep it private, avoid storing bank credentials or unnecessary client details, and carefully review any optional cron, heartbeat, SOUL.md, AGENTS.md, or Telegram-summary setup before enabling it.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your income, expenses, targets, and tax estimates may be stored in persistent workspace files and reused in later agent tasks.
The skill instructs the agent to maintain persistent files containing business financial targets, income, expenses, and running balances.
finance-state.json ← targets, YTD totals, running balances
Keep the finance directory in a private workspace, avoid adding unnecessary client or account details, and decide whether these files should be excluded from sync, sharing, or repository commits.
If enabled, the agent may automatically read and update finance files on a recurring schedule without a fresh prompt each time.
The advanced documentation suggests optional scheduled automation that continues to run month-end financial close tasks.
Set up a monthly cron (or heartbeat check) to automatically close the books
Enable cron or heartbeat automation only if you want recurring financial processing, review the exact scheduled task, and keep a note of how to disable it.
Financial summaries could leave the local workspace and be delivered to Telegram, or to the wrong chat if configured incorrectly.
The optional cron example sends a financial summary to an external Telegram chat destination.
--announce \
  --to "[YOUR_TELEGRAM_CHAT_ID]"
Verify the recipient before enabling announcements, limit the detail included in external summaries, and consider whether Telegram is an acceptable place for business financial information.
