v1.0.0

pocketbook

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:05 AM.

Analysis

This looks like a coherent local bookkeeping skill that saves your transaction history on your device, with no artifact evidence of hidden network sharing or credential use.

Guidance: Install only if you are comfortable keeping a local transaction ledger under the configured data directory. Protect that folder, review entries when the wording is ambiguous, and avoid storing passwords or other unrelated secrets in notes.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
Use these scripts:
- `python scripts/append_ledger.py create --data-dir <dir> --payload <json-file-or->`
- `python scripts/append_ledger.py update --data-dir <dir> --payload <json-file-or->`
- `python scripts/append_ledger.py revert --data-dir <dir> --payload <json-file-or->`

The agent is instructed to use local scripts that add, update, and revert ledger events. This is the core bookkeeping function and is append-only, but users should know the skill can mutate the local ledger state.

User impact: A misunderstood transaction could create or modify a local bookkeeping record, though the design supports correction and undo through events.
Recommendation: Review ambiguous captures, use the recent-entry query when unsure, and correct or revert entries promptly if the agent records the wrong thing.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
references/schema.md
`ledger.jsonl`: append-only event log and source of truth ... `source_text`: original user utterance that caused the event ... `profile.json`: user defaults and aliases

The skill persistently stores personal finance events, the original user utterances, and reusable profile defaults/aliases. This is disclosed and purpose-aligned, but it creates local memory containing sensitive financial context.

User impact: Anyone or any process with access to the data directory may be able to read transaction history and profile defaults; stored aliases/defaults may also influence future ledger normalization.
Recommendation: Keep the data directory private, avoid putting secrets in transaction notes, and treat stored ledger/profile content as data rather than instructions.