Skill v1.0.0

ClawScan security

Expense Categorization Optimizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 19, 2026, 2:40 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and requirements are consistent with its stated purpose (providing descriptive templates and recommendations) and do not request credentials, install third‑party packages, or perform network access.
Guidance
This skill appears coherent and low-risk, but note: it will execute locally (handler.py) when invoked, so do not paste sensitive credentials or full bank statements into prompts. Because the source and homepage are unknown, you may want to: (1) review the included handler.py yourself (it is short and readable), (2) run the provided tests in a sandbox/isolated environment before using with real data, (3) avoid sending personally identifiable information or raw account numbers to the skill, and (4) prefer skills from known authors or with a published homepage if you need stronger provenance guarantees. If you plan to act on financial recommendations, consult a qualified financial professional.

Review Dimensions

Purpose & Capability
ok: The name/description (expense categorization guidance) aligns with what the skill contains: an input parser, a local generator for recommendations/templates, and tests. There are no unrelated requirements such as cloud credentials or system-level access.
Instruction Scope
ok: SKILL.md instructs the agent to accept user context and produce descriptive outputs only. The handler.py implementation follows that scope: it only parses the provided input string and returns structured JSON. There are no instructions to read files, environment variables, or send data externally.
Install Mechanism
ok: No install spec is provided (instruction-only installation), and the included Python code is small and self-contained. Nothing is downloaded or extracted from remote URLs; therefore installation risk is low.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths and its code does not access os.environ or external secrets. The requested access is proportional to a descriptive finance helper.
Persistence & Privilege
ok: always is false and the skill does not request persistent or system-wide changes. The skill does not modify other skills' configs or require persistent presence.