ClawHub

Refund Radar

v1.0.1

Scan bank statements to detect recurring charges, flag suspicious transactions, and draft refund requests with interactive HTML reports.

1· 2k·0 current·0 all-time
byFrancesco@andreolf
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to be a local-first bank-statement auditor, which fits the described inputs/outputs (CSV parsing, detection rules, HTML reports). However the SKILL.md repeatedly instructs running a Python module (python -m refund_radar) but this skill bundle contains no Python code or install mechanism. Either the skill is an instruction-only wrapper that assumes an external program already exists on the user's system, or the package is incomplete. That mismatch is disproportionate to the stated purpose and should be resolved.
Instruction Scope
Instructions reasonably limit scope to reading user-provided CSV/pasted transaction text and writing reports/state under ~/.refund_radar. SKILL.md explicitly states 'No network calls' and 'No external APIs'. There is no instruction to read other system files or access unrelated env vars. The main concern is that instructions delegate work to a local CLI that isn't provided; if the agent or user installs some other code to satisfy those commands, behavior may differ from what's described here.
!
Install Mechanism
There is no install spec in the skill bundle. The README/changelog and SKILL.md assert 'No external dependencies' and provide CLI usage for a python package, but the bundle lacks that code. That leaves two problematic possibilities: (1) the skill expects the user to separately install https://github.com/andreolf/refund-radar — which must be audited before use — or (2) the agent could try to fetch/execute code from elsewhere to satisfy the CLI, creating a risk. The absence of an included, verifiable install mechanism is a red flag.
Credentials
The skill requires no environment variables, no credentials, and does not request access to unrelated services. It writes persistent state to a user-scoped path (~/.refund_radar) which is proportional to its purpose. Templates include placeholders for card last-4 digits, but that's user-provided data rather than a requested secret.
Persistence & Privilege
The skill writes only to user-home paths (~/.refund_radar/state.json, reports), does not request system-wide changes, and is not configured as always:true. Persistent storage of learned preferences is reasonable for this use case. Confirm permissions and that the path is acceptable for storing sensitive summary data.
What to consider before installing
Key things to check before installing or running: 1) The skill bundle contains only docs, templates, and rules — it does not include the Python code the SKILL.md expects. Verify whether you (or your organization) already have a trusted 'refund-radar' Python package installed; if not, do NOT run arbitrary commands that fetch/execute code without reviewing it. 2) If you plan to install code from the referenced GitHub repo (https://github.com/andreolf/refund-radar), inspect that repository for network calls, telemetry, and how it handles CSV input and state storage before running it on real bank statements. 3) This tool will read sensitive financial data you provide and store analysis under ~/.refund_radar — ensure that location and file permissions meet your privacy requirements and that you back up or securely delete sensitive files when done. 4) The skill claims 'no network calls' — confirm the actual implementation enforces this (offline processing) before supplying real data. 5) The requirement to avoid apostrophes in generated text is odd but harmless; nevertheless, verify generated templates for correctness. If you cannot confirm the upstream code or are unwilling to audit it, treat this skill as untrusted and avoid providing real bank data.

Like a lobster shell, security has layers — review code before you run it.

auditvk978s0m27bs25ttr0rcz9vnwr57zzncfbankvk978s0m27bs25ttr0rcz9vnwr57zzncffinancevk978s0m27bs25ttr0rcz9vnwr57zzncflatestvk978s0m27bs25ttr0rcz9vnwr57zzncfprivacyvk978s0m27bs25ttr0rcz9vnwr57zzncfrefundvk978s0m27bs25ttr0rcz9vnwr57zzncfsubscriptionvk978s0m27bs25ttr0rcz9vnwr57zzncf
2kdownloads
1stars
2versions
Updated 1mo ago
v1.0.1
MIT-0
Francesco@andreolf
auditbankfinancelatestprivacyrefundsubscription
Download

refund-radar

Scan bank statements to detect recurring charges, flag suspicious transactions, identify duplicates and fees, draft refund request templates, and generate an interactive HTML audit report.

Triggers

  • "scan my bank statement for refunds"
  • "analyze my credit card transactions"
  • "find recurring charges in my statement"
  • "check for duplicate or suspicious charges"
  • "help me dispute a charge"
  • "generate a refund request"
  • "audit my subscriptions"

Workflow

1. Get Transaction Data

Ask user for bank/card CSV export or pasted text. Common sources:

  • Apple Card: Wallet → Card Balance → Export
  • Chase: Accounts → Download activity → CSV
  • Mint: Transactions → Export
  • Any bank: Download as CSV from transaction history

Or accept pasted text format:

2026-01-03 Spotify -11.99 USD
2026-01-15 Salary +4500 USD

2. Parse and Normalize

Run the parser on their data:

python -m refund_radar analyze --csv statement.csv --month 2026-01

Or for pasted text:

python -m refund_radar analyze --stdin --month 2026-01 --default-currency USD

The parser auto-detects:

  • Delimiter (comma, semicolon, tab)
  • Date format (YYYY-MM-DD, DD/MM/YYYY, MM/DD/YYYY)
  • Amount format (single column or debit/credit)
  • Currency

3. Review Recurring Charges

Tool identifies recurring subscriptions by:

  • Same merchant >= 2 times in 90 days
  • Similar amounts (within 5% or $2)
  • Consistent cadence (weekly, monthly, yearly)
  • Known subscription keywords (Netflix, Spotify, etc.)

Output shows:

  • Merchant name
  • Average amount and cadence
  • Last charge date
  • Next expected charge

4. Flag Suspicious Charges

Tool automatically flags:

Flag TypeTriggerSeverity
DuplicateSame merchant + amount within 2 daysHIGH
Amount Spike> 1.8x baseline, delta > $25HIGH
New MerchantFirst time + amount > $30MEDIUM
Fee-likeKeywords (FEE, ATM, OVERDRAFT) + > $3LOW
Currency AnomalyUnusual currency or DCCLOW

5. Clarify with User

For flagged items, ask in batches of 5-10:

  • Is this charge legitimate?
  • Should I mark this merchant as expected?
  • Do you want a refund template for this?

Update state based on answers:

python -m refund_radar mark-expected --merchant "Costco"
python -m refund_radar mark-recurring --merchant "Netflix"

6. Generate HTML Report

Report saved to ~/.refund_radar/reports/YYYY-MM.html

Copy template.html structure. Sections:

  • Summary: Transaction count, total spent, recurring count, flagged count
  • Recurring Charges: Table with merchant, amount, cadence, next expected
  • Unexpected Charges: Flagged items with severity and reason
  • Duplicates: Same-day duplicate charges
  • Fee-like Charges: ATM fees, FX fees, service charges
  • Refund Templates: Ready-to-copy email/chat/dispute messages

Features:

  • Privacy toggle (blur merchant names)
  • Dark/light mode
  • Collapsible sections
  • Copy buttons on templates
  • Auto-hide empty sections

7. Draft Refund Requests

For each flagged charge, generate three template types:

  • Email: Formal refund request
  • Chat: Quick message for live support
  • Dispute: Bank dispute form text

Three tone variants each:

  • Concise (default)
  • Firm (assertive)
  • Friendly (polite)

Templates include:

  • Merchant name and date
  • Charge amount
  • Dispute reason based on flag type
  • Placeholders for card last 4, reference number

Important: No apostrophes in any generated text.

CLI Reference

# Analyze statement
python -m refund_radar analyze --csv file.csv --month 2026-01

# Analyze from stdin
python -m refund_radar analyze --stdin --month 2026-01 --default-currency CHF

# Mark merchant as expected
python -m refund_radar mark-expected --merchant "Amazon"

# Mark merchant as recurring
python -m refund_radar mark-recurring --merchant "Netflix"

# List expected merchants
python -m refund_radar expected

# Reset learned state
python -m refund_radar reset-state

# Export month data
python -m refund_radar export --month 2026-01 --out data.json

Files Written

PathPurpose
~/.refund_radar/state.jsonLearned preferences, merchant history
~/.refund_radar/reports/YYYY-MM.htmlInteractive audit report
~/.refund_radar/reports/YYYY-MM.jsonRaw analysis data

Privacy

  • No network calls. Everything runs locally.
  • No external APIs. No Plaid, no cloud services.
  • Your data stays on your machine.
  • Privacy toggle in reports. Blur merchant names with one click.

Requirements

  • Python 3.9+
  • No external dependencies

Repository

https://github.com/andreolf/refund-radar

Comments

Loading comments...