bilanz

PassAudited by ClawScan on May 1, 2026.

Overview

This appears benign: it runs a small local script that prints static Austrian balance-sheet headings and does not access files, credentials, networks, or persistent storage.

This skill looks safe from the provided artifacts, but it is very minimal: it prints template headings rather than generating real annual accounts. Treat the output as a simple template, not financial or UGB compliance advice.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Info

#ASI05: Unexpected Code Execution

What this means

Using the skill lets the agent run the included local script, which currently only prints static Bilanz sections and status information.

Why it was flagged

The skill is allowed to execute its included shell script. The script is visible in the artifact set and limited to printing report/status text, so this is expected but still a local execution capability.

Skill content

"permissions": ["exec"],
  "scripts": {
    "main": "scripts/bilanz-check.sh"

Recommendation

Review the script before installing and keep usage to the documented flags; no credentials or elevated permissions appear necessary.