Skill v1.0.1

ClawScan security

Smart Expense Tracker Cn Payment · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 2, 2026, 2:38 PM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
This skill markets advanced expense-tracking features but provides only a payment/sales note and no technical integration, credentials, or runtime instructions — the mismatch and the embedded payment flow are suspicious.
Guidance
Do not pay or send screenshots to this skill yet. It currently looks like a sales/marketing page rather than a working integration: there is no code, no APIs, no credentials, and no clear verification/activation process. Ask the publisher for: (1) source code or a hosted homepage, (2) a clear technical spec describing how voice messages, classification, and push reports are implemented (APIs, endpoints, required credentials), (3) privacy and data-handling policies for voice and financial data, and (4) an automated, verifiable activation flow (not just ‘send a screenshot’). If you consider paying, verify the recipient identity through an independent channel and prefer skills with published source or known vendors.

Review Dimensions

Purpose & Capability
concern: The description promises voice recognition, automatic classification, push reports, multi-user and paid tiers, but the skill is instruction-only with no code, no API endpoints, no required credentials, and no install spec. There is an internal metadata line saying it requires 'jq' (in SKILL.md), but the registry metadata lists no required binaries — this inconsistency suggests the skill cannot actually perform the claimed features as provided.
Instruction Scope
concern: SKILL.md is essentially marketing plus a manual payment flow (scan & send screenshot). It contains no concrete runtime instructions for how the agent should perform voice transcription, send push reports, store or retrieve user data, or verify payments. The payment flow requires users to send screenshots of payments for manual activation — a social-engineering risk and operationally unclear for an autonomous agent.
Install Mechanism
ok: There is no install spec and there are no code files (instruction-only), so nothing will be downloaded or written to disk by an installer. This limits direct code-execution risk but also means the promised features have no backing implementation in the package.
Credentials
concern: The skill requests no environment variables or credentials but claims features (voice recognition, push notifications, QQ integration, multi-user accounts) that would normally require service credentials, API keys, or backend access. Also, the developer's payment account info is embedded in SKILL.md — not sensitive by itself, but unusual for a skill manifest and a trust concern.
Persistence & Privilege
ok: always:false is set, and there are no install actions or declared config paths. The skill does not request persistent presence or system-wide configuration changes.