v1.0.0

Subscriptions

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:33 AM.

Analysis

This is a coherent instruction-only subscription tracker that stores user-provided subscription details locally, with minor privacy considerations around billing and payment-method notes.

GuidanceThis skill appears safe for its stated purpose. Before using it, decide what billing details you are comfortable storing locally, avoid entering full payment card numbers or passwords, and check the ~/subscriptions/ folder if your home directory is synced or shared.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

Create `~/subscriptions/` as workspace ... - Card: Visa •4242

The skill persists subscription records locally and examples include payment-method details, which are purpose-aligned but sensitive if exposed or over-retained.

User impactSubscription costs, billing dates, usage habits, and partial card identifiers could remain in local files and may be visible to anyone or any tool with access to that folder.

RecommendationStore only minimal payment-method details, avoid full card numbers or account credentials, and review the ~/subscriptions/ folder before sharing, syncing, or backing it up.