Skill v1.0.0
ClawScan security
Personal Finance Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 1:43 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requested artifacts, runtime instructions, and included script are consistent with a local personal-finance tool that stores data in a local SQLite DB and explicitly forbids network exfiltration.
- Guidance: This skill appears coherent and local-only: it creates and uses a SQLite DB in the skill workspace and the SKILL.md explicitly forbids transmitting DB contents. Before installing, consider:
  1. Confirm you trust the agent/runtime to obey the guardrails (the code does not itself enforce 'amount > 0' or limit SQL statements).
  2. If you need stronger guarantees, add server-side checks (e.g., enforce positive amounts in the DB schema or use triggers) or run the skill in an environment with network egress blocked so exfiltration is impossible.
  3. Review/back up the DB path (~/.openclaw/workspace/skills/personal-finance/finance.db) and ensure its filesystem permissions are appropriate.
  4. If you want stricter enforcement of SQL scope, modify the code to use parameterized accessors and a minimal API rather than relying solely on agent-side instructions.
Review Dimensions
- Purpose & Capability (ok): Name/description match the contents: an instruction-only personal finance skill with a local SQLite DB initializer. No unrelated credentials, binaries, or external integrations are requested.
- Instruction Scope (note): SKILL.md limits operations to local INSERT/SELECT/UPDATE and forbids sending finance.db off-machine. However, validation and SQL-scope enforcement are expressed as guardrails in prose (agent responsibility) rather than implemented in the provided code. The init script only creates schema and presets; it does not enforce 'amount > 0' or restrict future SQL executed by the agent.
- Install Mechanism (ok): No install spec or downloads. The only code is a small local Python script (init_db.py) that initializes a DB under the skill workspace, so installation risk is low.
- Credentials (ok): The skill declares no environment variables, no credentials, and no config paths outside its workspace; requested access is proportionate to the stated purpose.
- Persistence & Privilege (ok): `always` is false and the skill does not request system-wide changes or permission to modify other skills. It can be invoked autonomously (default), which is expected for skills; combined with local-only data storage, this keeps the privilege footprint small.
