Skill v1.0.0

ClawScan security

Expense · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 7:47 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only expense-tracking assistant whose requested capabilities, files, and runtime instructions align with its stated purpose and do not ask for credentials or install artifacts.
Guidance
This skill appears coherent and low-risk in itself because it is instruction-only and asks for no credentials or installs. Before installing, note that: (1) the skill comes from an unknown/limited registry record (minor metadata mismatch exists), so provenance is unclear — prefer skills with clear authorship/homepage if you require stronger trust; (2) the agent will handle sensitive financial information you type or paste (transactions, receipt images, vendor names). Do not paste account numbers, full payment card numbers, passwords, or unredacted images containing sensitive IDs unless you trust where the agent stores/transmits data; check the host platform's data retention and sharing policies. If you plan to use this for official reimbursement/tax filings, verify outputs with your employer or accountant. If you want higher assurance, ask the publisher for a link to a homepage or source repository and a clear privacy/data-retention statement.

Review Dimensions

Purpose & Capability
ok
Name, description, capabilities in skill.json, and the SKILL.md all describe expense logging, categorization, reporting, receipt guidance, and review rhythms; nothing in the package requests unrelated privileges. Minor metadata inconsistency: registry summary listed no homepage/source while skill.json includes a homepage and author — this is a transparency issue but does not change capability alignment.
Instruction Scope
ok
SKILL.md and examples/heartbeat are prose and user prompt templates only. They instruct the agent how to ask questions, format reports, and guide users; they do not tell the agent to read local files, environment variables, or send data to any external endpoint beyond normal agent behavior.
Install Mechanism
ok
No install spec, no code files, and no binaries — instruction-only. This minimizes on-disk execution risk, and there are no download URLs or package installs to evaluate.
Credentials
ok
No required environment variables, no credentials, and no config paths declared. The skill's functionality (conversational expense guidance) does not require secrets or system access.
Persistence & Privilege
ok
Skill is not forced-always, and does not request system-level persistence or modification of other skills. Autonomous invocation is allowed (platform default), but the skill itself does not demand elevated privileges.