Norman: Expense report
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: norman-expense-report Version: 1.0.0 The skill bundle is benign. The `SKILL.md` file provides clear instructions for the AI agent to generate an expense report by calling specific internal APIs (`search_transactions`, `get_company_balance`) and processing the results. There are no instructions for arbitrary command execution, data exfiltration, persistence, or any other malicious activities. The `homepage` URL `https://norman.finance` in the metadata is informational and not an instruction for the agent to interact with.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may see transaction amounts, vendors, categories, and company balance information while preparing the report.
The skill asks the agent to use finance-account tools to retrieve transaction history and company balance data. This is expected for an expense report, but it is delegated access to sensitive financial information.
- Call `search_transactions` for the specified period (default: last month) - Filter for outgoing transactions (expenses only, exclude income) - Call `get_company_balance` for current balance context
Install or invoke this only if you trust the Norman finance MCP connection and intend the agent to access the requested financial period and related balance context.
Financial data retrieved from the MCP connector may be included in the agent's working context and final report.
The skill depends on an external MCP connector for finance data. This is disclosed and purpose-aligned, but users should understand that sensitive financial data is being exchanged through that connector.
metadata:
openclaw:
homepage: https://norman.finance
requires:
mcp:
- norman-financeUse a trusted Norman finance MCP configuration and request the narrowest reporting period needed.