Budget Vs Actual

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user or organization could unintentionally receive, index, or reuse another client’s confidential financial details when installing or using the skill package.

Why it was flagged

The distributed artifact appears to include named client financial information from a real engagement. This is not needed for the skill’s operation and could expose sensitive business data to anyone installing or reviewing the skill.

Skill content

Applied the budget-vs-actual skill to a real client engagement: SB Paulson LLC, a salon/spa business generating ~$210K/month in revenue. Used actual P&L data for Jan–Feb 2026

Recommendation

Remove the dogfood report or replace it with fully synthetic, anonymized sample data before distribution.

What this means

The agent may process confidential company budgets, accounting exports, and management reporting data.

Why it was flagged

The skill expects users to provide internal financial documents and accounting exports. That is purpose-aligned, but these inputs are sensitive and should be handled carefully.

Skill content

Budget/forecast file (CSV, Sheets, or typed data) ... Actuals file or QBO export ... Chart of Accounts mapping

Recommendation

Use only intended files, avoid unnecessary client or employee details, and confirm where generated reports will be stored or shared.