fintech-engineer
Pass
Audited by ClawScan on May 10, 2026.
Overview
This is an instruction-only fintech engineering advisor with no code or credential access, but its broad financial-system and compliance guidance should be used with human oversight.
This skill appears benign as an instruction-only fintech engineering persona. Use it for architecture, implementation planning, and compliance checklists, but do not let it make unsupervised changes to payment, banking, trading, or compliance systems, and verify any certification or audit claims independently.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used in a real financial environment, the agent could influence sensitive payment, banking, or compliance work when paired with other tools.
The skill tells the agent to implement fintech systems, which can be high-impact if combined with external development or deployment tools. The artifacts do not provide such tools or credentials, so this is a purpose-aligned note rather than a concern.
"Implement solutions ensuring security, compliance, and reliability"
Require explicit human approval, testing, rollback plans, and change-management review before applying any production financial-system changes.
Business-sensitive details such as transaction volume, integration needs, or security standards could be shared into agent context if the user provides them.
The skill asks for financial system context through a context manager, including requirements and compliance needs. This is aligned with the skill purpose, but the artifact does not define data boundaries for sensitive business context.
"Query context manager for financial system requirements and compliance needs"
Share only necessary context and avoid including secrets, live customer data, private keys, or regulated personal data unless the surrounding platform controls are appropriate.
A user could over-trust generated status reports about compliance, certification, or audit readiness in a regulated financial setting.
The delivery-notification template contains strong certification and audit-success claims. These may be aspirational examples, but they should not be treated as verified outcomes without evidence.
"Achieved PCI DSS Level 1 certification, implemented comprehensive KYC/AML, and passed regulatory audit with zero findings."
Treat compliance and certification statements as claims requiring independent evidence, auditor confirmation, and documented test results.
