ClawHub

Aoineco Ledger — AI Agent Financial Tracking Engine

PassAudited by ClawScan on May 1, 2026.

Overview

This appears to be a local bookkeeping helper for AI-agent spending, with expected persistence of sensitive financial records and budget warnings that users should not treat as guaranteed spend controls.

This skill looks proportionate for local financial tracking. Before installing, understand that it writes persistent ledger files in the OpenClaw workspace, so do not log secrets or private receipt links you would not want stored there. Also treat its budget feature as alerting unless you separately verify or add controls that can actually block spending.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note
ASI06: Memory and Context Poisoning
What this means

Anyone with access to the workspace files may be able to read detailed financial tracking records and per-agent attribution.

Why it was flagged

The ledger persists financial transactions, account data, and budgets locally, which is expected for this purpose but can contain sensitive spending and revenue details.

Skill content
self._tx_file = os.path.join(ledger_dir, "transactions.jsonl")
self._accounts_file = os.path.join(ledger_dir, "accounts.json")
self._budgets_file = os.path.join(ledger_dir, "budgets.json")
Recommendation

Keep the workspace private, avoid putting secrets in transaction descriptions or receipt URLs, and delete or back up the ledger files according to your retention needs.

Note
ASI09: Human-Agent Trust Exploitation
What this means

A user or agent could overestimate the skill’s ability to prevent spending; the visible behavior supports warnings on logged records rather than guaranteed external spend enforcement.

Why it was flagged

The visible budget path warns and still saves the logged transaction. This should be understood as ledger alerting, even though SKILL.md describes budget alerts as warning at 80% and blocking at 100%.

Skill content
if alerts:
    tx.tags.append("BUDGET_WARNING")
    for alert in alerts:
        print(f"⚠️ {alert}")

self._save_tx(tx)
Recommendation

Treat budget limits as advisory unless you add separate approval or enforcement controls around any tool that actually spends money.