Personal Finance Reconciler
PassAudited by ClawScan on May 1, 2026.
Overview
This skill coherently imports user-provided bank statements into a local SQLite finance database, with noteworthy local storage of sensitive financial data and unpinned Python dependencies.
Before installing, be comfortable with a local database of your bank transactions being created under the skill data directory, and install the Python dependencies only in an environment you trust. The artifacts support the stated privacy-first local workflow and do not show hidden exfiltration or destructive behavior.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your transaction history, merchants, amounts, account labels, and memos may remain stored locally after import.
The skill persists detailed bank transaction data in a local SQLite database for future queries and reports.
CREATE TABLE IF NOT EXISTS transactions (... date TEXT NOT NULL, description TEXT NOT NULL, original_description TEXT, amount REAL NOT NULL, ... account TEXT, source_file TEXT, transaction_type TEXT, memo TEXT, imported_at TEXT DEFAULT (datetime('now')) ...);Use it on a trusted device, protect the local data directory, and delete or relocate the SQLite database if you no longer want the data retained.
Installing the skill may fetch current versions of external Python packages rather than fixed, reviewed versions.
The skill relies on third-party Python packages installed from pip without version pins; this is purpose-aligned but creates normal dependency supply-chain exposure.
"install": { "all": "pip install pandas ofxparse tabulate python-dateutil", "macos": "pip3 install pandas ofxparse tabulate python-dateutil", "linux": "pip3 install pandas ofxparse tabulate python-dateutil", "windows": "pip install pandas ofxparse tabulate python-dateutil" }Install in a trusted Python environment, consider pinning versions yourself, and review dependency provenance if you require stricter reproducibility.
Imported transactions may be categorized immediately using the skill's rules, which can affect later reports and budget status views.
The agent is instructed to run a local data-modifying categorization step automatically after import; this is disclosed and central to the finance-tracking workflow.
After a successful import, **always run categorization automatically** (step 2) without the user asking.
Review category summaries after import and adjust or recategorize rules if the automatic classifications are wrong.