Plutus Lite — Expense Tracker (Free)
Pass
Audited by ClawScan on May 10, 2026.
Overview
The visible skill appears to locally summarize pasted expenses, with the main caution being a user-directed Python package install that can modify the local Python environment.
This looks like a local expense-summary helper. Use a virtual environment if you install the Rich dependency, and avoid pasting account numbers, passwords, or other unnecessary financial details into EXPENSES_TEXT.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing this dependency could change your local Python environment or pull whatever version of the package is current at install time.
The setup step installs an unpinned third-party Python package and uses a flag that can modify an externally managed Python environment. It is disclosed and user-directed, so this is a supply-chain/setup caution rather than suspicious behavior in itself.
pip3 install rich --break-system-packages --quiet
Prefer installing in a virtual environment or pinning a known-good version of the package instead of using --break-system-packages on a system Python installation.
