v1.0.0

Beijing Tech Finance

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:39 AM.

Analysis

This is a local finance reference and calculator skill with no credential, network, persistence, or account-changing behavior shown, though users should not treat its sample budget monitor as live financial data.

GuidanceThis skill appears safe to install for reference and local calculator use. Verify tax and accounting results against current official rules or a qualified accountant, and do not rely on the budget-monitor script as live financial monitoring unless its mock random data source is replaced with verified company data.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution

SeverityLowConfidenceHighStatusNote

USAGE_EXAMPLE.md

python scripts/calculate_rd_deduction.py 8000000 600000 tech_sme

The documentation asks the user to run bundled Python scripts. This is purpose-aligned for calculator functionality, but users should notice that using the skill may involve local code execution despite no required binary being declared.

User impactRunning the examples executes local Python code on the values or files you provide.

RecommendationRun the scripts only intentionally from the skill directory, and review calculator outputs before using them for real financial decisions.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceHighStatusNote

SKILL.md

`references/budgeting.md` - Budget planning templates and workflows

SKILL.md lists bundled reference paths such as references/budgeting.md that are not present in the supplied manifest, while other similarly themed reference files are present. This looks like documentation drift rather than malicious behavior.

User impactThe agent may try to open a non-existent reference file or miss the correct bundled document.

RecommendationUse the files actually included in the package and ask the publisher to update or include the missing reference names.

Human-Agent Trust Exploitation

SeverityLowConfidenceHighStatusNote

scripts/monitor_budget.py

模拟从财务系统获取实际支出数据 ... import random ... variance = random.uniform(-0.2, 0.3)

The budget monitor generates simulated random expense data instead of reading actual finance-system spending, even though the surrounding documentation frames it as budget monitoring.

User impactBudget warnings may look authoritative while being based on mock data, which could mislead planning if treated as real.

RecommendationTreat budget-monitor output as a demo unless it is connected to verified accounting data, and clearly label generated results as simulated.