Skillv1.0.0

ClawScan security

Smart Ledger · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 2, 2026, 7:04 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill is internally consistent with a local, privacy-focused expense tracker: it reads/writes a JSON file under ~/.openclaw/workspace and contains no obvious network calls or credential requests, but some source content in the package listing was truncated so review of the full files is recommended.
Guidance: This package appears to be a local-only expense tracker and is coherent with its description. Before installing or running: 1) Confirm you have Python 3.9+ available (SKILL.md requires it). 2) Review the full scripts (especially the truncated sections provided) yourself to verify there are truly no network calls or unexpected subprocess usage. 3) Back up any existing data in ~/.openclaw/workspace/data/expenses/expenses.json before first run. 4) If you store sensitive financial details, consider encrypting the JSON or keeping backups offline. 5) Run the scripts in an isolated environment (local user account or sandbox) if you are uncertain about the origin of the package.

Review Dimensions

Purpose & Capability: okName/description (natural-language expense tracking, local JSON storage, reports) match the provided code and SKILL.md. The code implements parsing, categorization, persistence, and reporting which align with the stated purpose. Minor metadata mismatch: the registry excerpt lists 'Required binaries: none' while SKILL.md declares 'python: >=3.9' — requiring Python is reasonable for this skill, but the registry metadata should reflect that.
Instruction Scope: okRuntime instructions and the scripts operate on local files only (the data path is ~/.openclaw/workspace/data/expenses/expenses.json and assets/categories.json). The SKILL.md and code instruct reading/writing that file and editing local config; there are no instructions to read unrelated system files, access credentials, or transmit data externally. (Note: some file contents in the provided package listing were truncated; no evidence of network/endpoints was visible in the parts provided.)
Install Mechanism: okNo install spec included — instruction-only with bundled Python scripts and a JSON asset. Nothing is downloaded or executed from remote URLs. The scripts use only Python standard library features (json, pathlib, tempfile, etc.), so no external package install is required.
Credentials: okThe skill requests no environment variables or external credentials and stores data locally. This is proportionate to a personal expense tracker. It attempts to set restrictive file permissions for privacy (chmod), which is appropriate. There are no unrelated credential requests.
Persistence & Privilege: okThe skill does not set always:true and is user-invocable only. It persists its own data under a dedicated workspace path and does not modify system-level or other-skill configuration. Attempted file-permission tightening is scoped to its data directory.