OPC Cashflow Manager

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears focused on local cash-flow forecasting, but it stores sensitive business financial details and may run a local helper to import invoice data.

This looks reasonable for a local cash-flow forecasting skill. Before installing, verify the source you install from, avoid cloning unrelated skills unless you have reviewed them, run the helper only against intended cashflow and invoice folders, and keep generated cashflow snapshots out of public or shared repositories.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

The agent may update local cash-flow files using invoice data as part of a forecast workflow.

Why it was flagged

The workflow can invoke a local Python helper that reads invoice data and imports it into cash-flow forecasting. This is disclosed and purpose-aligned, but users should ensure the paths are the intended local business-data directories.

Skill content

Run: `python3 [skill_dir]/scripts/cashflow_tracker.py [cashflow_dir] --import-invoices [invoices_dir] --json`

Recommendation

Confirm the cashflow and invoice directories before use, and review generated snapshots or reports before relying on them for business decisions.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Following the full-suite clone instruction could add other skills or code outside this review.

Why it was flagged

The documented manual install option clones a full external skill suite, not just this reviewed skill. This is user-directed and not automatic, but it means a user could install additional unreviewed artifacts if they follow that option.

Skill content

`git clone https://github.com/LeonFJR/opc-skills.git ~/.claude/skills/opc-skills`

Recommendation

Prefer a trusted package source or copy only this skill after reviewing the repository contents.

ASI06: Memory and Context Poisoning
Low
What this means

Private cash-flow, client, invoice, and expense details could remain in project files and be exposed if the folder is shared, synced, or committed.

Why it was flagged

The skill persists cash position, expected inflows, outflows, recurring commitments, and alerts in local snapshot files. That storage is central to the purpose, but it may contain sensitive business financial information.

Skill content

All data is stored in `cashflow/snapshots/{YYYY-MM}/snapshot.json`.

Recommendation

Keep the cashflow directory private, exclude it from public repositories, and redact sensitive client or financial details when sharing reports.