Skill v98.0.1

ClawScan security

AR Collections Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 17, 2026, 5:22 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and instructions are coherent with an AR collections assistant that works from CSV/QBO exports and drafts emails; it makes no unexplained credential or install demands.
Guidance
This skill appears to do what it says: analyze aged receivables, prioritize accounts, and draft emails. Before installing, confirm: (1) you are comfortable with the agent storing payment promises in agent memory (ask how long memory/ar-promise-tracker.md is retained and how to delete it); (2) you will not grant the agent permission to send emails or modify QBO without explicit human approval (the skill warns about this, but platform settings matter); (3) if you use the "direct QBO" flow, only use a trusted qbo-automation integration and limit the scope of QBO credentials; and (4) review the email templates and escalation guardrails to ensure legal/firm compliance. If any of these points are unclear, ask the skill author for details on memory retention, approval enforcement, and how the direct-QBO integration is intended to be wired.

Review Dimensions

Purpose & Capability
ok: Name/description match the behavior in SKILL.md: aging analysis, prioritization, email drafts, DSO/KPI calculations, payment tracking, and reserve recommendations. It accepts CSV/QBO exports and references optional direct QBO access via a separate qbo-automation skill; not requesting QBO credentials itself is reasonable for an instruction-only skill that expects either exported data or another skill to supply API access.
Instruction Scope
note: Instructions stay within AR workflows (parse invoice CSVs, compute KPIs, draft templates, track payment promises). Minor scope notes: (1) it writes tracker state to memory/ar-promise-tracker.md if persistence is requested — this persists PII/financial data in agent memory and should be managed; (2) it references attaching invoice PDFs and implies reading invoice files when available; (3) it references direct QBO API use via qbo-automation (composition risk if that other skill has broad credentials). Guardrails explicitly require approval before sending emails or performing writes.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written to disk by an installer step beyond optional memory persistence controlled at runtime.
Credentials
ok: No environment variables or credentials are requested by this skill, which is proportionate for a tool that can operate from exported CSVs. If you choose to use the direct-QBO path, credentials would be required by the qbo-automation skill (not this skill); verify that those credentials are only granted to the intended integration.
Persistence & Privilege
note: always:false (normal). The only persistence mentioned is saving a promise tracker to memory/ar-promise-tracker.md when requested — this is reasonable but means sensitive AR data may be stored in agent memory. Because model invocation is allowed (default), an agent could autonomously use this skill in workflows; ensure approval guardrails are enforced and review how long memory is retained and who can access it.