Budget Data Model Skills

PassAudited by ClawScan on May 1, 2026.

Overview

This is an instruction-only budget database schema reference with no code, install steps, credentials, or hidden execution behavior shown.

This skill appears safe as a schema reference. Before using generated database queries in a real budget system, verify the table names, filters, and permissions so the query does not expose more financial data than intended.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Low

#ASI02: Tool Misuse and Exploitation

What this means

A generated query could read broad budget data if the user runs it with database access.

Why it was flagged

The skill documents how to generate and run database queries, including raw SQL-style querying. This is directly related to the stated purpose of helping users understand and query budget data models, but it could affect real financial/business data if used without review.

Skill content

def sql = """SELECT * FROM "表名" WHERE 条件"""
def 结果 = DataModelUtils.queryForListMap(sql, null)

Recommendation

Review any generated SQL or DataModelUtils calls, use parameterized filters, and run queries only with the minimum database permissions needed.