ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

BS Deep Analysis

v1.0.2

Controller-level Balance Sheet deep analysis from QuickBooks Online. Pulls current and prior period BS, runs 3-month rolling averages, GL drill-down for mate...

0· 212·1 current·1 all-time
by@samledger67-dotcom

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for samledger67-dotcom/bs-deep-analysis.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "BS Deep Analysis" (samledger67-dotcom/bs-deep-analysis) from ClawHub.
Skill page: https://clawhub.ai/samledger67-dotcom/bs-deep-analysis
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install bs-deep-analysis

ClawHub CLI

Package manager switcher

npx clawhub@latest install bs-deep-analysis
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's stated purpose is to pull data from QuickBooks Online (QBO) and run a local Python pipeline. However, the package declares no required credentials, no primary credential, and no config paths even though the SKILL.md repeatedly references a 'qbo-client' connection and a sandbox flag. That is inconsistent: a QBO integration normally requires API keys/tokens or a configured client. Also the SKILL.md references a local script path (scripts/pipelines/bs-deep-analysis.py) that is not included in the skill bundle.
!
Instruction Scope
Instructions direct running a local Python script, accessing QBO to pull multiple reports (BS snapshots, GL, P&L), and writing cache and Excel outputs to disk. The instructions also reference a configurable limit (GL_MAX_ROWS_PER_ACCOUNT). The skill does not instruct exfiltration to external endpoints, but it does assume access to QBO credentials and local filesystem paths (.cache and output dirs). The combination of assuming privileged access (QBO) and missing authentication details is a scope/information gap that could lead users to supply credentials without knowing where code runs.
Install Mechanism
This is an instruction-only skill with no install spec and no included code files. That lowers installation risk (nothing is downloaded or written by an install step). However, the SKILL.md expects a local script to exist; since it's not present, users would need to obtain that code from elsewhere — which is an operational/verification risk but not an install-time code injection in this bundle.
!
Credentials
No environment variables or credentials are declared in the registry metadata, yet the run instructions require a 'qbo-client' connection and mention a configurable GL_MAX_ROWS_PER_ACCOUNT. A QBO integration is expected to need API credentials or an OAuth client — asking for those implicitly while declaring none is disproportionate and opaque. Users could be prompted to provide sensitive QuickBooks credentials without clarity on where/how they're stored or used.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It writes a cache file under .cache/bs-deep-analysis/{slug}.json and outputs Excel files to a user directory by default, which is consistent with its stated CDC/cache behavior. Persisting run caches is expected, but users should be aware these caches will contain financial data on disk.
Scan Findings in Context
[no_code_files_found] unexpected: The static scanner found no code files because this is an instruction-only skill, but the SKILL.md points to a local Python script (scripts/pipelines/bs-deep-analysis.py) that is not included. For a skill that instructs running code that accesses QBO, the absence of that code is unexpected and concerning.
What to consider before installing
Do not run or supply credentials to this skill yet. The SKILL.md expects a local pipeline script and a connected 'qbo-client' but the skill bundle contains no code and declares no QBO credentials—this is an incoherence. Before installing or using: 1) Ask the publisher for the source repository or the exact script referenced (verify its code and origin). 2) Confirm what authentication method is used for QBO (OAuth client, API key, service account) and where credentials are stored; never paste secrets into an unverified interface. 3) Verify how GL_MAX_ROWS_PER_ACCOUNT (and any other config) is set and whether any sensitive data is transmitted off your machine. 4) Run the pipeline in a controlled environment (sandbox VM) first and inspect .cache files and generated Excel output for unexpected network calls or telemetry. If the publisher cannot provide a trustworthy code repo and explicit credential requirements, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk973nk8yxkfdvk4y29yhz2mnj983c0zs
212downloads
0stars
3versions
Updated 22h ago
v1.0.2
MIT-0
@samledger67-dotcom
latest
Download

BS Deep Analysis

What This Skill Does

Controller-level Balance Sheet deep analysis from QuickBooks Online. Mirrors the P&L Deep Analysis pattern but for the balance sheet — pulls current + prior period BS, runs 3-month rolling averages, GL drill-down for material changes, and generates a 7-tab Excel workbook with actionable findings.

Use when:

  • Monthly close deliverable needs a BS review (not just a P&L comparison)
  • Client needs working capital health check or current ratio flag
  • Equity rollforward reconciliation is needed for a close
  • Material balance changes on cash, AR, inventory, or debt need narrative explanation
  • Common-size (vertical) analysis is required for a lender or board report

NOT for:

  • Cash flow statement analysis — use a dedicated CF pipeline
  • P&L variance analysis — use pl-deep-analysis.py
  • Multi-entity consolidations — this is a single-entity BS pipeline
  • Real-time balance changes (it's snapshot-based, not bank-feed)

Pipeline Location

scripts/pipelines/bs-deep-analysis.py

Cache directory: .cache/bs-deep-analysis/{slug}.json

Usage

# Current month-end vs. auto prior month-end
python3 scripts/pipelines/bs-deep-analysis.py \
  --slug sb-paulson --current-end 2026-03-31

# Explicit prior period
python3 scripts/pipelines/bs-deep-analysis.py \
  --slug sb-paulson \
  --current-end 2026-03-31 --prior-end 2026-02-28

# Skip GL drill-down (faster, no vendor-level detail)
python3 scripts/pipelines/bs-deep-analysis.py \
  --slug sb-paulson --current-end 2026-03-31 --skip-gl

# Custom output directory
python3 scripts/pipelines/bs-deep-analysis.py \
  --slug glowlabs --current-end 2026-03-31 --out ~/Desktop/reports

# QBO sandbox
python3 scripts/pipelines/bs-deep-analysis.py \
  --slug sb-paulson --current-end 2026-03-31 --sandbox

Arguments

ArgumentRequiredDescription
--slugQBO company slug (must be connected in qbo-client)
--current-endAs-of date for current BS (YYYY-MM-DD)
--prior-endPrior period as-of date (auto = prior month-end)
--skip-glSkip GL drill-down (faster)
--outOutput directory (default: ~/Desktop)
--sandboxUse QBO sandbox environment

What It Pulls from QBO

  1. Balance Sheet (as-of) — current period
  2. Balance Sheet (as-of) — prior period
  3. Balance Sheet (as-of) — 3 prior month-ends for rolling averages
  4. General Ledger — current period GL for flagged accounts (unless --skip-gl)
  5. P&L — current period net income for equity rollforward

Analysis Modules

1. Horizontal Analysis (Period-over-Period)

  • Every BS line: prior → current → $ change → % change
  • Material threshold: ≥$2,500 absolute OR ≥10% change rate
  • Flagged accounts sorted by absolute dollar change

2. Vertical Analysis (Common-Size)

  • Every BS line as % of total assets
  • Prior period % vs. current period %
  • % point change highlights structural shifts

3. 3-Month Rolling Averages

  • Pulls 3 prior month-end BS snapshots
  • Per-account rolling average as trend baseline
  • Rolling delta and rolling % vs. current balance

4. GL Drill-Down

  • Transaction-level detail for all flagged accounts
  • Vendor/payee aggregation: top contributors by dollar
  • Max 50 transactions per account (configurable via GL_MAX_ROWS_PER_ACCOUNT)

5. Working Capital Deep Dive

  • Current assets vs. current liabilities decomposition
  • Current ratio, quick ratio, cash ratio
  • WC delta decomposed: cash change, AR change, inventory change, AP change
  • Health classification: HEALTHY / WATCH / CRITICAL

6. Debt Schedule Analysis

  • Short-term vs. long-term debt split
  • D/E ratio and D/A ratio
  • ST concentration warning: flags if ST > 60% of total debt
  • Leverage risk classification: LOW / LOW-MEDIUM / MEDIUM / HIGH

7. Equity Rollforward

Beginning Equity
+ Net Income
− Distributions / Owner Draws
+ New Contributions / Paid-in Capital
= Computed Ending Equity
vs. Ending Equity per BS (reconciling difference flagged if ≥ $500)
  • Retained earnings bridge separately
  • Reconciling difference investigation prompt

8. Controller Findings

  • Narrative: "Cash decreased $45K because AP payments of $60K exceeded collections of $15K"
  • Urgency-tagged: HIGH / MEDIUM / LOW
  • GL vendor attribution embedded in findings

9. Action Proposals

  • Specific recommended actions per finding
  • Urgency-ranked: HIGH → MEDIUM → LOW
  • Categories: LIQUIDITY, CASH MANAGEMENT, COLLECTIONS, INVENTORY, DEBT MANAGEMENT, LEVERAGE, EQUITY INTEGRITY, BALANCE SHEET

10. CDC (Change Data Capture)

  • Compares current BS flat map vs. prior run cache
  • Tracks: new accounts, removed accounts, balance changes
  • Cache saved to .cache/bs-deep-analysis/{slug}.json

Excel Output — 7 Tabs

TabContents
SummaryKPI table, key ratios, controller findings, action proposals
DetailFull BS with prior/current/delta/rolling avg per account
⚠ FlagsMaterial change accounts + findings summary
GL Drill-DownTransaction-level detail for flagged accounts
Common-Size AnalysisVertical analysis: each line as % of total assets
Equity RollforwardPeriod reconciliation + retained earnings bridge
CDC LogBalance changes vs. last pipeline run

Materiality Thresholds

MetricThreshold
Absolute change≥ $2,500
Percentage change≥ 10%
Equity change (tighter)≥ 5%
Working capital watchCurrent ratio < 1.5x
Working capital criticalCurrent ratio < 1.0x
ST debt concentration warningST debt > 60% of total
Equity rollforward diff flag≥ $500

Dependencies

pip install openpyxl
Node.js QBO client with valid auth token

QBO auth token must be set (same as all other pipelines).

Related Pipelines

PipelineFileWhen to Use
P&L Deep Analysispl-deep-analysis.pyIncome statement controller review
Financial Ratiosfinancial-ratios.pyFull ratio suite (uses BS data)
BS Deep Analysisbs-deep-analysis.pyThis pipeline — balance sheet focus

Notes

  • All math uses Python Decimal — no float rounding errors
  • GL account names must match BS account names for drill-down attribution (QBO may use slightly different names between reports)
  • Prior month-end is auto-calculated if --prior-end is omitted (always safe for monthly close)
  • --skip-gl reduces runtime significantly; use for quick runs when vendor detail is not needed
  • CDC cache is per-slug; running for a new slug always starts fresh (first run snapshot only)

Comments

Loading comments...