Journey to First Million

Pass

Audited by ClawScan on May 1, 2026.

Overview

This finance skill is coherent and locally scoped, but it will store sensitive income, spending, and budget records in a local OpenClaw workspace.

This skill appears safe for its stated local finance-tracking purpose. Before installing, be comfortable with the agent creating and retaining local files containing income, expense, budget, and savings information, and double-check transaction confirmations when your messages are ambiguous.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A casual or unclear finance-related message could be recorded as a transaction if the agent interprets it that way.

Why it was flagged

The agent is instructed to turn natural-language spending or income mentions into persistent ledger updates. This is central to the skill, but accidental or ambiguous parsing could create incorrect local records.

Skill content

When the user mentions spending or income: ... Invoke the project script `scripts/add_transaction.py` with the parsed arguments to record it

Recommendation

Review confirmations after entries are logged, and ask the agent to clarify before recording when amount, category, date, or transaction type is ambiguous.

What this means

Income, expense, budget, and savings-progress details may remain on the local machine and be reused in later analyses.

Why it was flagged

The skill intentionally persists personal finance data for later reports and progress checks. This is purpose-aligned, but the stored data may be sensitive.

Skill content

Ledger and budget data are stored in OpenClaw workspace: `~/.openclaw/workspace/first-million/` (`ledger.json`, `budget.json`).

Recommendation

Only record finance details you are comfortable storing locally, and periodically review or delete the workspace files if you no longer want the history retained.

What this means

Users have less external context for the publisher or code history before installing.

Why it was flagged

The supplied metadata does not provide a source repository or homepage, which limits independent provenance review even though the included code is local and straightforward.

Skill content

Source: unknown; Homepage: none

Recommendation

Install only if you trust the registry listing or publisher, and review the included scripts if provenance is important to you.