Norman: Categorize Transactions

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: norman-categorize-transactions
Version: 1.0.0

The skill bundle defines a workflow for categorizing bank transactions using a set of specific APIs provided by a 'norman-finance' platform. The `SKILL.md` instructions guide the AI agent through legitimate financial operations like fetching, categorizing, and linking transactions and attachments. There is no evidence of prompt injection attempts, malicious execution, data exfiltration, persistence mechanisms, or obfuscation within the provided files. All actions described are consistent with the stated purpose of financial bookkeeping.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Incorrect automated changes could affect accounting records, invoice reconciliation, financial reporting, or tax/bookkeeping review.

Why it was flagged

These are high-impact bookkeeping mutations. The artifact says to present transactions in batches for review, but it does not clearly require explicit user confirmation before categorizing, linking, or marking records verified.

Skill content

Use `categorize_transaction` to assign the correct bookkeeping category ... Use `link_transaction` to connect the payment to the invoice ... use `change_transaction_verification` to mark transactions as verified.

Recommendation

Require explicit user approval before each batch of changes, show the exact proposed updates, and avoid marking transactions verified until the user confirms.

What this means

The connected agent may be able to view or act on bank transactions, invoices, receipts, and bookkeeping entries available through the configured Norman Finance account.

Why it was flagged

The skill depends on a Norman Finance MCP integration, which likely provides delegated access to financial/accounting data. This is expected for the purpose, but users should recognize the sensitivity of that access.

Skill content

requires:
      mcp:
        - norman-finance

Recommendation

Connect only a trusted Norman Finance MCP server/account and ensure its permissions are limited to the bookkeeping tasks you intend to perform.

What this means

Receipts and related financial details may be processed by the connected Norman Finance tooling.

Why it was flagged

The workflow may send receipt documents and transaction context through the configured MCP/provider tools. That is purpose-aligned, but the artifact does not describe retention, sharing, or data-boundary details.

Skill content

Use `upload_bulk_attachments` for multiple receipts ... Use `link_attachment_transaction` to connect receipts to transactions

Recommendation

Upload only receipts intended for Norman Finance, and review the provider/MCP data handling and retention settings before using bulk attachment features.