Self-Improving Finance
v1.1.0Captures reconciliation errors, forecast variances, control weaknesses, regulatory gaps, valuation errors, and cash flow anomalies to enable continuous finan...
⭐ 0· 63·0 current·0 all-time
byJosé I. O.@jose-compu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description claim to capture finance learnings and promote recurring patterns; the repository contains only local logging helpers, hook handlers that inject reminders, and helper scripts to scaffold anonymized learning/skill files. There are no unrelated cloud credentials, network uploads, or unrelated binaries required.
Instruction Scope
Runtime instructions and hooks focus on creating/using a .learnings/ folder, emitting short reminder text, and scanning tool output for finance-related keywords. The error detector reads the CLAUDE_TOOL_OUTPUT environment variable (used to detect finance-related tool output) and the scripts create files under local workspace paths. This is in-scope for the stated purpose, but note: CLAUDE_TOOL_OUTPUT (tool output) may contain sensitive financial text; the skill emphasizes anonymization but will read that data when PostToolUse hooks are enabled.
Install Mechanism
No automated install spec is provided (instruction-only install recommended via ClawdHub or a git clone). The manual install suggestion references a GitHub repo (personal account). There are no downloads from untrusted URLs or archive extraction steps. Before cloning, you may want to inspect the repo upstream (if you trust it) — installing hooks into your OpenClaw workspace will cause the included handler scripts to run as hooks.
Credentials
The skill declares no required environment variables or credentials, and it doesn't attempt to access secret tokens. However, the error-detector script reads CLAUDE_TOOL_OUTPUT (an environment variable provided by host tooling) which is not listed in requires.env — this is expected in the hook context but worth noting because that variable can contain sensitive financial content. No credentials, API keys, or unrelated env vars are requested.
Persistence & Privilege
The skill is not always-enabled; hooks are opt-in and recommended to be enabled by the user. Hook handlers add virtual bootstrap files and the shell scripts create files under the local workspace; they do not attempt to modify other skills or system-wide config. Scripts run with the agent's permissions (documented), so enable them only where you trust the agent runtime.
Assessment
This skill appears internally consistent: it only injects local reminders, creates/initializes .learnings/ log files, and scans tool output for finance keywords. Before installing: (1) prefer project-level hook activation (not global) so reminders run only for finance projects, (2) review the referenced GitHub repo code if you plan to git-clone it, (3) be cautious enabling the PostToolUse/error-detector hook because it reads CLAUDE_TOOL_OUTPUT (which can include sensitive financial text) — the skill asks you to anonymize before logging but the detector will see raw output, (4) inspect and set script file permissions (chmod +x) only when you trust the environment, and (5) confirm you are comfortable with the skill writing files under your workspace (./skills/ or ~/.openclaw/workspace/.learnings). If any of these are unacceptable, skip enabling the hooks or use the activator-only setup described in SKILL.md.Like a lobster shell, security has layers — review code before you run it.
latestvk974hqy7fnc23rzha2mnq4m0nn84tm5z
License
MIT-0
Free to use, modify, and redistribute. No attribution required.