Skill v0.1.0
ClawScan security
Splitwise · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 19, 2026, 10:22 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements, instructions, and code are consistent with its stated purpose: it only needs a Splitwise API token and uses a small Python script to call Splitwise's create_expense endpoint.
- Guidance: This skill appears coherent: it will send expense details and your SPLITWISE_API_KEY to Splitwise's official API. Only install it if you trust Splitwise and you are comfortable storing a long-lived token in your environment. Consider using a dedicated Splitwise account or token with limited scope (if possible), rotate the token if you suspect compromise, and review the add_expense.py script before use. Also be aware the agent can call this tool autonomously when asked to manage expenses.
Review Dimensions
- Purpose & Capability (ok): Name/description (Splitwise: create/manage expenses) match the requested credential (SPLITWISE_API_KEY) and the shipped script. No unrelated secrets, binaries, or config paths are requested.
- Instruction Scope (ok): SKILL.md and scripts only describe creating expenses and querying Splitwise endpoints. The runtime instructions and add_expense.py limit actions to constructing the expense payload and POSTing to https://secure.splitwise.com/api/v3.0/create_expense. The script does not read other files or environment variables beyond SPLITWISE_API_KEY.
- Install Mechanism (ok): No install spec — instruction-only with a small Python script. Nothing is downloaded from arbitrary URLs and no archive extraction or external installer is used.
- Credentials (ok): Only one environment variable (SPLITWISE_API_KEY) is required and is appropriate for calling the Splitwise API. The code only reads that variable and sends it in the Authorization header to Splitwise, which matches the declared purpose.
- Persistence & Privilege (ok): always is false and the skill does not request persistent system-wide changes or modify other skills. Model invocation is allowed (platform default) but there are no other elevated privileges requested.
