Budget Buddy Pro
Pass
Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: normieclaw-budget-buddy-pro
Version: 1.0.3
Budget Buddy Pro is a well-structured financial management skill that demonstrates high security awareness. It includes explicit prompt-injection defenses in SKILL.md to prevent the agent from following instructions embedded in untrusted financial documents, and it enforces strict local file permissions (chmod 600/700) for sensitive data. The provided scripts (parse-statement.py and generate-budget-report.sh) perform localized data processing and report generation without any evidence of data exfiltration, obfuscation, or unauthorized network activity.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your financial history may remain on disk and may be reused in later budgeting conversations.
The skill intentionally persists parsed bank and credit-card transaction data for later budgeting and summaries.
Save parsed transactions to `data/transactions/YYYY-MM.json`
Use this only on a trusted device, keep disk encryption enabled where possible, review the data directory periodically, and delete stored statements or transaction files you no longer need.
Setup changes files and permissions in the local skill directory. The shown commands are scoped, but they are still local command execution.
The setup flow asks the user's agent to execute local shell commands to create directories, copy config, set permissions, and verify files.
I need you to install the Budget Buddy Pro skill. Run these commands exactly:
Review the setup block before running it and make sure the paths match your intended workspace.
Users could over-rely on the security badge when deciding to upload sensitive financial records.
The README presents a strong security-verification claim, while the supplied artifacts do not provide independent verification beyond the package's own SECURITY.md.
🛡️ **Codex Security Verified**
Treat the badge as a project claim, not independent proof; review your agent platform's data-retention policy before sharing bank statements.
