Skill v1.0.0

ClawScan security

Norman: Find Receipts · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (scanned Feb 19, 2026, 8:45 PM)
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, declared dependency, and behavior align with its stated purpose of finding and attaching receipts; it is an instruction-only skill that does not request unrelated credentials or install code.
Guidance
This is an instruction-only receipt-finding helper that tells you how to locate receipts and how to attach them to Norman transactions. It does not itself request credentials or install code, which keeps risk low. However, finding receipts often requires access to sensitive sources (email, cloud storage, vendor portals). Before installing or using the skill, decide whether you will: (a) perform searches and upload files manually (safer), or (b) grant separate tools/skills explicit access to your email/cloud — if you choose (b), review those tools' permissions carefully. Watch for any follow-up prompts that request OAuth access to Gmail/Drive/Dropbox or ask you to forward emails; only grant such access to trusted integrations. If you prefer not to give broad access, provide receipts manually when the agent asks for them.

Review Dimensions

Purpose & Capability
ok
The name/description (find and attach receipts) matches the instructions: identify transactions via internal calls (search_transactions, list_attachments) and upload attachments to Norman. The only declared dependency (mcp: norman-finance) is appropriate for a skill that manipulates Norman transactions and attachments. There are no unrelated environment variables, binaries, or install steps.
Instruction Scope
note
Instructions guide the agent/user to search Gmail, vendor portals, cloud storage, and photo libraries and to upload found receipts to Norman. This is consistent with the purpose but is privacy-sensitive: the skill does not itself request email or cloud credentials, so it appears intended as a user-guided workflow rather than an autonomous mailbox crawler. Users should expect that finding receipts may require granting other tools/skills explicit access to their email/cloud or manually providing files.
Install Mechanism
ok
No install spec or code files are present (instruction-only). That minimizes risk from arbitrary downloads or disk writes.
Credentials
ok
The skill declares no required env vars, credentials, or config paths. Suggested actions (searching Gmail, vendor portals, cloud storage) may require separate credentials in other components, but the skill itself does not request them, which is proportionate to its stated function.
Persistence & Privilege
ok
always:false and no install behavior; the skill does not request permanent elevated privileges or modify other skills' configuration. Autonomous invocation is allowed (platform default) but is not combined with other red flags here.