Skill v1.0.0
ClawScan security
Debt · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 8, 2026, 4:02 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (building a payoff plan and negotiating with creditors) is coherent, but the instruction-only skill lacks declared mechanisms for accessing financial accounts or contacting creditors and could ask for sensitive credentials or transmit data; that ambiguity warrants caution.
- Guidance: This skill's goals (mapping debt, negotiating, tracking payments) are plausible, but the instructions are ambiguous about how it will obtain and handle sensitive financial data. Before installing or using it, ask the publisher: (1) exactly how will the skill obtain your debt/account data — will you paste statements, link accounts via a trusted aggregator (e.g., Plaid), or provide login credentials? (2) Will the skill ever store your data externally, and if so where and for how long? (3) Will it contact creditors or third parties on your behalf (calls, emails, letters)? If so, what contact methods and what content will be sent? (4) Does the skill require SSNs, full bank logins, or full card numbers? (Avoid sharing these — prefer redacted statements, last 4 digits, or read-only tokenized access.) (5) How can you revoke access and delete stored data? If the publisher cannot answer these clearly, do not provide passwords, full card numbers, or Social Security numbers; instead provide redacted statements or manually run the plan yourself. Prefer solutions that use audited, read-only bank connectors or local/manual input. Because the SKILL.md is instruction-only and source/homepage are unknown, treat this as potentially risky until the data flows and retention policies are explicit.
Review Dimensions
- Purpose & Capability (ok): Name and description match the instructions' high-level goals: build a complete debt map, run payoff scenarios, find savings, and negotiate with creditors. Those capabilities legitimately require collecting detailed financial information and communicating with third parties, so the overall purpose aligns with the described operations.
- Instruction Scope (note): SKILL.md is instruction-only and describes actions that imply collecting sensitive data (balances, interest rates, bills, payment history) and negotiating with creditors. The file does not declare how the agent should obtain that data (user-provided, read from local files, or fetched via APIs), nor whether it will contact creditors on the user's behalf or transmit data externally. Because the runtime instructions (as provided) are high-level and truncated, it is unclear whether the agent is permitted or instructed to read unrelated files, request account credentials, access email/phone, or call external services — these are plausible next steps given the task and should be explicitly documented.
- Install Mechanism (ok): No install spec and no code files — lowest-risk delivery model. Nothing is written to disk by the skill itself. That is consistent with an instruction-only skill, but it also means runtime behavior depends entirely on the agent following the prose, so the instructions must be scrutinized for data-handling steps.
- Credentials (note): The skill declares no required environment variables or credentials, which is proportionate on paper. However, the described functionality (mapping debts, negotiating, tracking payments) commonly requires access to account data or external APIs. The absence of declared credentials could mean the skill expects users to paste sensitive data into the conversation (risky), or it may rely on the agent's existing integrations (also risky). The SKILL.md does not clarify what specific secrets the agent will request or how they will be used/stored.
- Persistence & Privilege (ok): always is false and the skill is user-invocable with autonomous invocation allowed (platform default). The skill does not request persistent installation privileges or claim to modify other skills. No red flags on privilege escalation from metadata alone.
