Skill v1.0.0

ClawScan security

Expense Tracker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Feb 22, 2026, 5:40 AM)
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is internally consistent with a local-only expense tracker — it only reads/writes files under a single user directory and asks for shell-based initialization — but it relies on shell execution (exec) so you should review agent permissions before installing.
Guidance
This skill appears to do what it says: store and manage expenses locally. Before installing, verify the agent runtime will not give this skill network access or additional tools (exec here allows arbitrary shell commands). Consider these steps:
1) Confirm the agent does not have network/networking tools or other elevated permissions that could transmit files.
2) Review the initial shell commands in SKILL.md (mkdir, for-loop, echo) to ensure they are acceptable in your environment.
3) Back up or encrypt financial JSON files if you store sensitive data.
4) Test in a sandbox or low-privilege account first to confirm behavior.
If you need stronger guarantees that data never leaves the device, also confirm the platform enforces no-network and no-remote-exec policies for skills.

Review Dimensions

Purpose & Capability
ok: Name/description match the behavior in SKILL.md: it creates and manages local JSON files for expenses, budgets, income, goals, and settings. The declared need to read and write local files is proportional to the stated purpose; no unrelated cloud credentials or services are requested.
Instruction Scope
note: Runtime instructions are focused on the expense-tracking task and explicitly limit data I/O to ~/.openclaw/expense-tracker/. However, the SKILL.md instructs the use of shell commands (mkdir, for-loop, echo, file checks). Those commands are consistent with the described setup, but using exec gives broad ability to run arbitrary shell commands if the agent misuses that capability.
Install Mechanism
ok: No install spec and no code files (instruction-only). This is low-risk from an install perspective because nothing is downloaded or written beyond the local data files the skill itself requests.
Credentials
ok: The skill requests no environment variables or external credentials. The only declared capabilities are read/exec/write for local files, which align with creating and managing the JSON data files. No unrelated secrets or config paths are requested.
Persistence & Privilege
ok: always:false, and the skill stores data only under its own ~/.openclaw/expense-tracker/ path. It does not request system-wide changes or modification of other skills' configs. It does request exec access for initialization, which is a limited but notable privilege.