Back to skill
Skillv1.0.0
ClawScan security
Receivable Aging Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 19, 2026, 2:40 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and requirements are consistent with its stated purpose (descriptive receivable-aging guidance) and do not request unexpected credentials or network access.
- Guidance
- This skill appears internally consistent and only runs a small local Python parser that returns JSON recommendations. Before installing, consider: (1) do not paste full account numbers, passwords, or bank login details into prompts — the skill expects free-form financial text and amounts only; (2) confirm your agent's execution sandbox and logs (so you know where handler.py runs and whether outputs are stored); (3) remember outputs are informational only — consult a financial professional for actions; (4) if you want extra assurance, review handler.py yourself (it's short and readable) or run the included tests locally to verify behavior.
Review Dimensions
- Purpose & Capability
- okName, description, SKILL.md, and handler.py align: the skill analyzes user-provided financial text and returns recommendations and templates. There are no unrelated credentials, binaries, or cloud integrations requested.
- Instruction Scope
- okSKILL.md limits the skill to descriptive analysis and templates and explicitly disclaims external API calls or transactions. The included handler.py only parses the provided input and produces JSON; it does not read files, environment variables, or contact external endpoints.
- Install Mechanism
- okNo install spec is provided (instruction-only in registry), and the shipped code is a small self-contained Python handler with no downloads or extract steps. Risk from installation is minimal.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The code does not access environment variables or secrets.
- Persistence & Privilege
- okSkill flags are defaults (always: false, agent invocation allowed). It does not request permanent presence or attempt to modify other skills or system settings.