ClawHub

Pension

v2.0.0

A focused personal finance tool built for Pension. Log entries, review trends, and export reports — all locally.

0· 159·0 current·0 all-time
by@bytesagain1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the behavior in the included script: a local CLI that records and exports logs. Minor inconsistency: SKILL.md assumes a 'pension' command is available, and a scripts/script.sh is included, but there is no install spec telling how the script becomes the 'pension' command.
Instruction Scope
SKILL.md instructs the agent to run local pension commands and shows local status/export operations. The instructions and script only read/write files under the data dir and do not reference unrelated system paths, credentials, or external endpoints.
Install Mechanism
No install spec is provided (instruction-only), yet a runnable script is included. That is not dangerous, but it means the agent/user must install or invoke the script manually (e.g., place it on PATH) — the package does not auto-install a binary.
Credentials
The skill requests no environment variables, no credentials, and uses only the user's HOME directory (~/.local/share/pension) for storage — proportional to its stated offline purpose.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. It only writes to its own data directory and log files.
Assessment
This skill appears to be a simple offline CLI that stores plain-text logs under ~/.local/share/pension and does not contact external servers. Before installing, note: (1) there is no automated install — you must place scripts/script.sh on your PATH or invoke it directly; (2) data is stored in cleartext in your home directory, so avoid putting highly sensitive information in entries; (3) the export/json construction does not escape special characters, which may break exports containing quotes/newlines; (4) verify and run the included script in a safe environment (or inspect it) before making it available system-wide. If you plan to trust updates or feedback links, verify the publisher (BytesAgain) independently.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fkezee7qbqvns22r6j77yax830sb5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments