Firm Fintech Pack

Advisory

Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the recommended companion skills could add new capabilities beyond this instruction-only bundle.

Why it was flagged

The skill recommends that the user run installation of multiple companion skills via `npx clawhub@latest`, i.e. through a floating `latest` tag rather than an exact version. This is disclosed and purpose-aligned, but those additional skills, and the versions actually resolved at install time, are outside this artifact and should be reviewed before installation.

Skill content
npx clawhub@latest install biz-reporter ... npx clawhub@latest install firm-orchestration
Recommendation

Review each companion skill’s permissions, source, and version before installing it, and prefer pinned versions where possible.
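The check that recommendation asks for can be done statically over the SKILL.md text itself. The script below is an added example (not ClawScan's or the Firm Fintech Pack's own code): it finds every `npx ... install` command and reports installers or skills that are not pinned to an exact version. The SKILL_MD_SAMPLE is constructed for this example; `biz-reporter` and `firm-orchestration` are the names quoted in the report, `ledger-sync` and all version numbers are made up, and the `skill@version` suffix is an assumed syntax, not verified clawhub behaviour.

```python
"""
Added example, not ClawScan's or the Firm Fintech Pack's own code: a static
check that flags companion-skill install commands resolving through a floating
tag such as ``@latest`` instead of an exact version. SKILL_MD_SAMPLE is
constructed; ledger-sync, every version number and the ``skill@version``
suffix are assumptions for illustration only.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# npx <installer>@<spec> install <skill>[@<spec>]   (scoped @org/pkg names not handled)
INSTALL_RE = re.compile(
    r"npx\s+(?P<cli>[\w.-]+)@(?P<cli_spec>\S+)\s+install\s+"
    r"(?P<skill>[\w.-]+)(?:@(?P<skill_spec>\S+))?"
)
# Only an exact semver counts as pinned; ranges (^1.2.0, ~1.2) and tags do not.
EXACT_SEMVER_RE = re.compile(r"^\d+\.\d+\.\d+(?:-[\w.-]+)?(?:\+[\w.-]+)?$")
FLOATING_TAGS = {"latest", "next", "canary", "beta", "alpha"}


@dataclass(frozen=True)
class InstallFinding:
    skill: str
    command: str
    reasons: Tuple[str, ...]


def describe_spec(label: str, spec: Optional[str]) -> Optional[str]:
    """Return a reason string if `spec` is not an exact pin, else None."""
    if spec is None:
        return f"{label} has no version; whatever the registry serves today gets installed"
    if spec in FLOATING_TAGS:
        return f"{label} uses floating tag '{spec}'; contents can change between installs"
    if not EXACT_SEMVER_RE.match(spec):
        return f"{label} uses range or unknown spec '{spec}'; not an exact pin"
    return None


def scan_install_commands(text: str) -> List[InstallFinding]:
    """Flag every `npx ... install` command whose installer or skill is not exactly pinned."""
    findings = []
    for m in INSTALL_RE.finditer(text):
        reasons = [
            r for r in (
                describe_spec(f"installer '{m['cli']}'", m["cli_spec"]),
                describe_spec(f"skill '{m['skill']}'", m["skill_spec"]),
            )
            if r
        ]
        if reasons:
            findings.append(InstallFinding(m["skill"], m.group(0), tuple(reasons)))
    return findings


# Constructed SKILL.md excerpt: the two @latest lines mirror the report, the
# third line is a hypothetical, fully pinned command for contrast.
SKILL_MD_SAMPLE = """\
Install the companion skills first:

    npx clawhub@latest install biz-reporter
    npx clawhub@latest install firm-orchestration
    npx clawhub@1.4.2 install ledger-sync@2.0.1
"""

if __name__ == "__main__":
    for finding in scan_install_commands(SKILL_MD_SAMPLE):
        print(finding.command)
        for reason in finding.reasons:
            print("   -", reason)
```

Run against a real SKILL.md, the two commands quoted in this report would each produce two reasons (floating installer tag, unversioned skill), while the fully pinned line produces none. Pinning the installer alone is not enough: the skill itself must carry an exact version, or the registry decides what is installed.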

What this means

Sensitive financial details could be shared across spawned sessions or retained in session history if users provide real data.

Why it was flagged

The declared tools allow creating sessions, sending messages, and reading session history. That fits the firm-orchestration purpose, but fintech workflows may route sensitive transaction or customer context across agent sessions.

Skill content
tools:
  - sessions_send
  - sessions_spawn
  - sessions_history
Recommendation

Use anonymized inputs where possible, confirm which sessions receive data, and keep regulatory reviews read-only as the skill suggests.

What this means

A user might assume the secure and read-only modes are active automatically, when in fact they may need to be configured separately.

Why it was flagged

The skill’s safety posture depends on environment flags, but the supplied registry metadata declares no required environment variables. Users should treat these as manual configuration guidance rather than enforced controls.

Skill content
Financial data is tier-1 sensitive: `SECURE_PRODUCTION_MODE=true` mandatory ... `READ_ONLY_MODE=true` for all regulatory review workflows
Recommendation

Manually verify secure production, audit logging, and read-only settings before processing real financial or regulatory data.
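The two recommendations above (anonymize what crosses sessions, and verify the flags rather than trust them) can be combined into a single guard in front of the session tools. The following is an added example, not the skill's or ClawScan's own code: it refuses to send unless `SECURE_PRODUCTION_MODE=true` is set (and `READ_ONLY_MODE=true` for regulatory review), checks the target against an approved-session set, and redacts card numbers (Luhn-validated) and IBANs (mod-97-validated) before forwarding. The `InMemorySessionBus` is a stand-in for the runtime's `sessions_send` tool, the approved-session allowlist is an assumed control, and the sample message uses the public test card `4111 1111 1111 1111` and the example IBAN `GB82WEST12345698765432`; the workflow names are made up.

```python
"""
Added example, not ClawScan's or the Firm Fintech Pack's own code.

Turns the skill's flag guidance (SECURE_PRODUCTION_MODE, READ_ONLY_MODE) into
an enforced preflight and redacts financial identifiers before a message reaches
a session tool. InMemorySessionBus stands in for the runtime's sessions_send;
the allowlist of approved sessions and the sample message are constructed.
"""
import os
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Flags SKILL.md calls mandatory. Registry metadata declares none of them,
# so nothing enforces them unless code like this does.
ALWAYS_REQUIRED = {"SECURE_PRODUCTION_MODE": "true"}
REGULATORY_REQUIRED = {"READ_ONLY_MODE": "true"}


class PreflightError(RuntimeError):
    """Raised when the environment or target session does not meet policy."""


def missing_flags(env: Dict[str, str], workflow: str) -> List[str]:
    """Flags that are absent or not exactly 'true' for this workflow."""
    required = dict(ALWAYS_REQUIRED)
    if workflow == "regulatory_review":          # hypothetical workflow name
        required.update(REGULATORY_REQUIRED)
    return [k for k, v in required.items() if env.get(k, "").strip().lower() != v]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out reference numbers that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def iban_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check: rotate first four chars to the end, letters -> 10..35."""
    rearranged = iban[4:] + iban[:4]
    return int("".join(str(int(c, 36)) for c in rearranged)) % 97 == 1


IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")   # 13-19 digits, space/hyphen grouped


def redact(text: str) -> Tuple[str, Dict[str, int]]:
    """Replace validated IBANs and card numbers; return text and per-type counts."""
    counts = {"iban": 0, "card": 0}

    def iban_sub(m: re.Match) -> str:
        if iban_ok(m.group(0)):
            counts["iban"] += 1
            return "[IBAN REDACTED]"
        return m.group(0)

    def card_sub(m: re.Match) -> str:
        if luhn_ok(re.sub(r"[ -]", "", m.group(0))):
            counts["card"] += 1
            return "[CARD REDACTED]"
        return m.group(0)        # fails Luhn: keep, likely an invoice or ref number

    text = IBAN_RE.sub(iban_sub, text)
    text = CARD_RE.sub(card_sub, text)
    return text, counts


@dataclass
class InMemorySessionBus:
    """Stand-in for the runtime's sessions_send tool; records what was sent."""
    sent: List[Tuple[str, str]] = field(default_factory=list)

    def sessions_send(self, session_id: str, message: str) -> None:
        self.sent.append((session_id, message))


def guarded_send(bus, session_id: str, message: str, workflow: str,
                 allowed_sessions: Set[str], env: Optional[Dict[str, str]] = None) -> Dict[str, int]:
    """Preflight flags and recipient, redact, then forward. Returns redaction counts."""
    env = dict(os.environ) if env is None else env
    missing = missing_flags(env, workflow)
    if missing:
        raise PreflightError(f"refusing to send: set {', '.join(missing)}=true first")
    if session_id not in allowed_sessions:
        raise PreflightError(f"session {session_id!r} is not an approved recipient")
    redacted, counts = redact(message)
    bus.sessions_send(session_id, redacted)
    return counts


SAMPLE_MESSAGE = (   # constructed: public test card, example IBAN, a non-Luhn reference
    "Review Q1 settlement: card 4111 1111 1111 1111, "
    "ref 1234 5678 9012 3456, payout IBAN GB82WEST12345698765432."
)

if __name__ == "__main__":
    bus = InMemorySessionBus()
    env = {"SECURE_PRODUCTION_MODE": "true", "READ_ONLY_MODE": "true"}
    print(guarded_send(bus, "sess-regreview", SAMPLE_MESSAGE,
                       "regulatory_review", {"sess-regreview"}, env))
    print(bus.sent[0][1])
```

The checksum validation is what keeps the redaction useful rather than noisy: the 16-digit reference in the sample fails Luhn and is left alone, while the card and IBAN are replaced before `sessions_send` ever sees them. Because the guard reads the flags itself and raises on their absence, a missing `READ_ONLY_MODE` during a regulatory review becomes a hard stop instead of a line in SKILL.md.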