Back to skill
Skillv98.0.1
ClawScan security
Financial Analysis Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 17, 2026, 5:22 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only financial analysis guide whose requirements and instructions match its stated purpose and do not request extra system access or credentials.
- Guidance
- This skill is an instruction-only finance reference and appears internally consistent. Before using it with real data, remember: (1) it is not a certified compliance/audit tool — follow your legal and accounting controls for filings and audit work; (2) the package origin is anonymous (no homepage/author), so treat it as unvetted reference material rather than an endorsed product; and (3) avoid pasting sensitive credentials or personally identifying information into prompts — the skill itself doesn't request secrets, but your agent may log or transmit inputs depending on platform settings.
Review Dimensions
- Purpose & Capability
- okThe name and description match the SKILL.md content: accounting methodologies, variance analysis, cash-flow forecasting, and month-end close guidance. The skill declares no binaries, env vars, or installs — consistent with an instruction-only reference.
- Instruction Scope
- okSKILL.md contains domain-specific procedures, formulas, thresholds, and checklists. It does not instruct the agent to read arbitrary system files, access credentials, call external endpoints, or transmit data outside of normal use; it stays within the financial-analysis domain.
- Install Mechanism
- okNo install spec and no code files are present, so nothing is written to disk or fetched at install time. This is the lowest-risk pattern for a skill of this type.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. That is proportionate for a guidance-only financial analysis skill.
- Persistence & Privilege
- okThe skill is not always-on and does not request elevated persistence or system configuration changes. Autonomous invocation is allowed by platform default, which is expected for skills.