Skill v0.1.2
ClawScan security
Spend Pulse · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:32 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill’s behavior broadly matches a Plaid-based spending-alert tool, but there are a few inconsistencies and operational risks (no install spec, external npm/git install instructions, macOS-only keychain guidance) that warrant caution before installing or trusting it with financial credentials.
- Guidance: This skill appears to implement a Plaid-based spending-alert CLI, but it does not include code in the bundle and asks you to install an external npm package or clone a GitHub repo. Before installing or handing it Plaid credentials:
  1) Verify the npm package and GitHub repo (owner, stars, recent commits, package versions, publisher identity).
  2) Inspect the package source code (or ask for an audited release) to confirm it only uses Plaid and writes config under ~/.spend-pulse and the macOS Keychain as claimed.
  3) Confirm you are comfortable installing third-party npm packages (they can run arbitrary code at install/run time).
  4) Note the instructions target macOS Keychain — ensure this matches your OS or that the tool provides a secure alternative.
  5) If you allow the agent to invoke the skill autonomously, remember it could run the CLI and access stored financial data; only enable autonomous use if you trust the package source.
  If you want higher assurance, request a skill bundle that includes audited code or a clear install spec from a verified release (GitHub release or npm package with known publisher) and explicit metadata linking the registry entry to the repository.
Review Dimensions
- Purpose & Capability [note]: The SKILL.md describes a Plaid-integrated spending-alert CLI (setup, sync, check, charts), which aligns with the skill name and description. However, registry metadata lists the source/homepage as unknown while the instructions reference an npm package and a specific GitHub repo (github.com/jbornhorst1524/spend-pulse). That mismatch (metadata vs README) reduces confidence in provenance.
- Instruction Scope [note]: Instructions are focused on the stated purpose (Plaid API keys, Plaid Link flow, syncing transactions, generating charts) and don't ask to read unrelated system files. They do recommend storing API credentials in the macOS Keychain and writing files under ~/.spend-pulse (chart output), which is expected for a CLI but is OS-specific and does involve persistent credential storage and filesystem writes.
- Install Mechanism [concern]: There is no install spec in the skill bundle — SKILL.md instructs users to run `npm install -g spend-pulse` or `git clone` from a GitHub repo. That means installing arbitrary third-party code from npm/GitHub is required for full functionality; the platform will not install audited code itself. Installing external packages carries standard supply-chain risks (malicious or vulnerable code). The referenced GitHub repo is on a known host (better than an IP or pastebin), but the skill metadata does not prove the repo/package are official.
- Credentials [note]: The skill does not require unrelated credentials; it legitimately needs Plaid API credentials and bank authorization via Plaid Link. Those credentials will be collected interactively and stored in the macOS Keychain per the instructions (instead of environment variables). This is proportional to the stated purpose, but the keychain approach is platform-specific and not declared in metadata (no OS restriction).
- Persistence & Privilege [ok]: The skill does not request always-on inclusion and no special platform privileges are declared. Autonomous invocation by the agent is allowed by default; given the skill can access financial data once credentials are supplied, allow autonomous use only if you trust the installed CLI and its source.
