phoenixclaw-ledger
Security checks across malware telemetry and agentic risk
Overview
Review before installing: this skill is purpose-aligned, but it passively records sensitive financial details from conversations and payment screenshots into persistent local journals without clear per-entry approval or retention controls.
This does not show evidence of malware, exfiltration, or destructive code. The concern is privacy: it is designed to automatically turn financial mentions and payment screenshots into a persistent local ledger and journal reports. Install it only if you are comfortable with that, and verify how to disable it, review entries, redact screenshots, and remove stored financial records.
VirusTotal
0/65 vendors flagged this skill; all 65 engines reported it clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private spending, income, merchants, and payment context from chats or screenshots may become a structured financial history that remains on disk and can be reused in later reports.
The skill declares access to moments, user_config and memory, automatically extracts financial events from them, and persists the results into a local ledger. This is purpose-aligned, but it handles highly sensitive financial context, and the provided artifacts show no per-entry approval step, retention period, or deletion control.
data_access:
  - moments
  - user_config
  - memory
... automatically extracts financial transactions from your daily conversations and payment screenshots, requiring zero manual input ... Store: Write to `~/PhoenixClaw/Finance/ledger.yaml`
Install only if you want passive financial tracking. Review the generated ledger and journal files regularly, and look for settings to disable the plugin, exclude sensitive sources, or delete stored records.
Payment screenshots may contain account details, transaction IDs, names, or merchant information and could remain visible in the journal.
The receipt template embeds the payment screenshot in each generated note. Although the template says to mask sensitive data, the masking rule applies to text fields; an embed that points at the screenshot path displays the original payment image, so the image stays unredacted unless the implementation actually writes a redacted copy and embeds that instead.
> ![[{{SCREENSHOT_PATH}}|300]] ... *Source: {{PLATFORM}} screenshot* ... Mask sensitive data (last 4 digits only for cards)
Before using screenshot tracking, confirm whether screenshots are redacted or merely linked. Avoid submitting payment images that contain details you do not want stored.
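The two checks recommended above (review the generated ledger and journal files, and confirm whether screenshots are redacted or merely linked) can be automated. The script below is an added example for this review, not code from the ClawScan report or from the phoenixclaw-ledger skill. It assumes only what the report quotes: notes embed screenshots as `![[<path>|300]]` and the template's own rule is "last 4 digits only for cards". The directory layout under `~/PhoenixClaw/Finance`, the function names and the sample note are constructed for illustration.

```python
"""Audit phoenixclaw-ledger output for embedded screenshots and unmasked numbers.

Added example for this review; not code from ClawScan or the phoenixclaw-ledger
skill. It assumes the receipt template quoted in the report (Obsidian-style
`![[path|300]]` embeds, "last 4 digits only for cards"). Paths and the sample
note are constructed.
"""
import re
from pathlib import Path

# Obsidian-style embed used by the receipt template: ![[path|300]]
EMBED_RE = re.compile(r"!\[\[([^\]|]+?)(?:\|\d+)?\]\]")
# Runs of digits, optionally grouped by spaces or dashes, at least 8 characters long
NUMBER_RUN_RE = re.compile(r"(?<!\d)\d[\d -]{6,}\d(?!\d)")
ISO_DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")


def luhn_valid(digits: str) -> bool:
    """True if the digit string passes the Luhn check used by payment card PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def audit_text(text: str) -> dict:
    """Return screenshot embeds and unmasked long numbers found in one note or ledger.

    A properly masked card such as '**** **** **** 4242' is not reported: only
    four digits remain, which is what the template says should be stored.
    """
    findings = {"embeds": [], "card_numbers": [], "long_numbers": []}
    for m in EMBED_RE.finditer(text):
        findings["embeds"].append(m.group(1))
    for m in NUMBER_RUN_RE.finditer(text):
        token = m.group(0)
        if ISO_DATE_RE.fullmatch(token):
            continue            # dates in headings and filenames are expected
        digits = re.sub(r"[ -]", "", token)
        if len(digits) < 8:
            continue            # short ids and phone extensions are left alone
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            findings["card_numbers"].append(token)   # looks like a full PAN
        else:
            findings["long_numbers"].append(token)   # account/transaction id
    return findings


def audit_tree(root: Path) -> dict:
    """Audit every journal note (*.md) and ledger (*.yaml) under root."""
    report = {}
    for path in sorted(list(root.rglob("*.md")) + list(root.rglob("*.yaml"))):
        found = audit_text(path.read_text(encoding="utf-8", errors="replace"))
        if any(found.values()):
            report[str(path)] = found
    return report


# Constructed sample note in the shape of the receipt template quoted in the
# report. 4532 0151 1283 0366 is a widely published Luhn-valid test PAN, not a
# real card; the reference number is made up.
SAMPLE_NOTE = """# Receipt 2024-03-15 Coffee Shop
> ![[Finance/screenshots/alipay_2024-03-15.png|300]]
*Source: Alipay screenshot*
Card: **** **** **** 4242
Card (from screenshot OCR): 4532 0151 1283 0366
Reference: 20240315000123456
Support line: 555-0100
"""

if __name__ == "__main__":
    for kind, items in audit_text(SAMPLE_NOTE).items():
        for item in items:
            print(f"{kind}: {item}")
    # Point at the real journal directory (constructed path) to audit it:
    # print(audit_tree(Path.home() / "PhoenixClaw" / "Finance"))
```

Any `embeds` entry means the note links the original image, so the file at that path should be inspected or redacted regardless of how the text fields were masked; `card_numbers` entries mean the "last 4 digits only" rule was not applied. Dates and short numbers are deliberately skipped so the audit does not drown in false positives from receipt headings.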
The ledger may continue generating financial summaries on a schedule, creating new local records even when the user is not actively asking for a report.
The scheduled processing is disclosed and aligned with a ledger/reporting plugin, but it means the skill can keep operating in recurring background workflows after setup.
Ledger uses PhoenixClaw Core's cron infrastructure plus additional scheduled tasks ... Daily Processing | 10 PM ... Monthly Report | 1st of month, 8 AM ... Weekly Summary | Sunday 9 PM
Review enabled cron jobs and disable scheduled ledger reports if you only want manual financial summaries.
Users have less independent context about the publisher, project, or implementation quality.
The package has limited provenance and no executable implementation to inspect. That is not malicious by itself, but it limits assurance about how the described behavior would be implemented by the surrounding PhoenixClaw system.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; No code files present
Prefer installing from trusted publishers and review generated files after first use.
