v1.0.0

Bkash-Nagad-Tracker

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:07 AM.

Analysis

This expense tracker mostly matches its stated purpose, but it says financial data stays local while the code can send transaction text and weekly spending totals to Anthropic.

Guidance

Before installing, assume some transaction details and weekly spending summaries may be sent to Anthropic using your API key. Install only if you are comfortable with that provider processing this financial data, and consider disabling the weekly heartbeat or using a local-only summary path until the privacy documentation and opt-out controls are clarified.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: High | Confidence: High | Status: Concern
README.md
No cloud sync. No third-party servers. Your financial data never leaves your device.

This privacy claim conflicts with the included code paths that call Anthropic with transaction messages and spending summaries, which could cause users to trust the skill under a false local-only assumption.

User impact: A user may install it believing their financial activity remains entirely on-device, when some data can be sent to a third-party AI provider.
Recommendation: Revise the documentation to clearly state exactly what data is sent to Anthropic, when it is sent, and how users can opt out or use a local-only mode.

Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
heartbeat:
  schedule: "0 9 * * 0"
  command: "python3 {baseDir}/summarizer.py weekly"

The skill declares a recurring heartbeat that runs the weekly summarizer automatically, which is aligned with the advertised Sunday digest but still creates ongoing autonomous activity.

User impact: The skill can continue producing weekly digests without a fresh prompt each time.
Recommendation: Ensure users can easily disable the heartbeat and understand whether scheduled digests use Anthropic or only local formatting.

Tool Misuse and Exploitation
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
python3 {baseDir}/parser.py "{user_message}"

The instructions interpolate user-controlled message text into a shell-style command example. Passing the message to the parser is central to the skill, but the instructions should state explicitly how that argument is to be handled safely.

User impact: Malformed transaction text could cause parsing or command-invocation issues if not passed safely by the host agent.
Recommendation: Prefer argument-vector execution or explicit escaping for user-provided text rather than shell-string interpolation.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
primaryEnv: ANTHROPIC_API_KEY
requires:
  env:
    - ANTHROPIC_API_KEY

The skill requires an Anthropic API key, which is expected for its LLM parsing and digest features and is disclosed in the skill metadata.

User impact: The skill can make Anthropic API calls billed to or associated with the user's Anthropic account.
Recommendation: Use a revocable, least-privilege API key where possible and monitor provider usage.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: High | Confidence: High | Status: Concern
parser.py
Message: "{message}" ... response = client.messages.create(

The parser includes the raw user message in an Anthropic API request when falling back to Claude, and those messages can contain amounts, payment methods, recipients, and spending notes.

User impact: Complex or Bengali transaction messages may leave the device and be processed by Anthropic using the user's API key.
Recommendation: Make external parsing explicit and opt-in, provide a reliable local-only parsing option, and avoid sending raw transaction text unless the user has agreed.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Concern
summarizer.py
- By category: {json.dumps(dict(top_categories), ensure_ascii=False)}
- By method: {json.dumps(stats['by_method'], ensure_ascii=False)} ... response = client.messages.create(

The weekly digest generator sends spending totals by category and payment method to Anthropic, even though the README describes the external API call as being for natural-language parsing.

User impact: Weekly financial patterns and payment-method usage may be shared with Anthropic, including during scheduled digests.
Recommendation: Disclose summary-generation API calls separately, offer a default local summary path, and avoid automatic provider calls unless the user has enabled them.