Budget Buddy Pro
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions); human review is required before treating this skill as clean.
Before installing, be comfortable with an AI agent seeing your bank-statement contents, and check your agent platform's retention policy. Run the setup commands only in the intended workspace, keep the generated data directory private, and delete stored financial files when you no longer need them. ClawScan detected prompt-injection indicators (ignore-previous-instructions), so this skill requires review even though the model response was benign.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your financial history may remain on disk and may be reused in later budgeting conversations.
The skill intentionally persists parsed bank and credit-card transaction data for later budgeting and summaries.
Save parsed transactions to `data/transactions/YYYY-MM.json`
Use this only on a trusted device, keep disk encryption enabled where possible, review the data directory periodically, and delete stored statements or transaction files you no longer need.
Setup changes files and permissions in the local skill directory. The shown commands are scoped, but they are still local command execution.
The setup flow asks the user's agent to execute local shell commands to create directories, copy config, set permissions, and verify files.
I need you to install the Budget Buddy Pro skill. Run these commands exactly:
Review the setup block before running it and make sure the paths match your intended workspace.
Users could over-rely on the security badge when deciding to upload sensitive financial records.
The README presents a strong security-verification claim, while the supplied artifacts do not provide independent verification beyond the package's own SECURITY.md.
🛡️ **Codex Security Verified**
Treat the badge as a project claim, not independent proof; review your agent platform's data-retention policy before sharing bank statements.