Plutus — God of Wealth

Advisory

Audited by Static analysis on May 9, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the package could change the local Python environment, and the exact package version is not fixed.

Why it was flagged

The skill instructs installation of an unpinned PyPI package and uses a flag that bypasses system Python package protections. This is disclosed and related to report formatting, but it still carries normal package supply-chain and environment-modification risk.

Skill content

pip3 install rich --break-system-packages --quiet

Recommendation

Install in a virtual environment when possible, consider pinning a known-good version of 'rich', and avoid '--break-system-packages' unless you understand the impact.

What this means

Private spending or business expense information may remain on disk after the skill runs.

Why it was flagged

The skill processes personal or business financial transactions and creates persistent local report files. This is purpose-aligned, and the artifact claims no data is transmitted, but the saved reports may contain sensitive financial summaries.

Skill content

Paste raw text, a list, or point to a CSV of transactions... Export: Markdown report + CSV summary saved to disk

Recommendation

Use only trusted local files, review where the report is saved, and delete or protect generated reports if they contain sensitive financial data.