cashbook
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a coherent local bookkeeping skill, with noteworthy but purpose-aligned handling of personal finance data and uploaded payment screenshots.
This skill looks safe to use as a local cashbook if you are comfortable keeping financial records in a local SQLite file. Before installing, remember that uploaded payment screenshots are analyzed by an image tool, deletion/reset commands can remove local records, and the documented export helper is not included in the provided manifest.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your spending history and account labels are stored locally and can be shown back to the agent later.
The skill intentionally persists transaction notes, merchants, dates, amounts, and sources, which are sensitive financial records and may be retrieved in later queries or reports.
CREATE TABLE transactions (... note TEXT, merchant TEXT, date TEXT NOT NULL, ... source TEXT DEFAULT 'manual')
Use it only on a device/profile where you are comfortable keeping a local finance database, and treat imported merchant/note text as data rather than instructions.
Receipt or payment screenshots may contain personal transaction details that are processed outside the cashbook SQLite scripts.
Uploaded payment screenshots are passed to an image-analysis tool before being written to the local database; this is disclosed and purpose-aligned, but screenshot data can be sensitive.
用户上传图片时,使用 `image` tool 分析截图,提取关键字段后走确认流程入库。
Upload only screenshots you are comfortable having analyzed by the host image tool, and redact unrelated sensitive details when possible.
An approved delete command can remove a local transaction and roll back the recorded account balance.
The local CLI can delete bookkeeping records and supports a flag that skips its interactive confirmation prompt; this is consistent with the stated delete feature but should remain user-directed.
parser.add_argument("--yes", "-y", action="store_true", help="跳过确认提示") ... conn.execute("DELETE FROM transactions WHERE id = ?", (tx["id"],))Require clear user confirmation before deletion or reset actions, especially when using --yes or --force options.
The advertised export command may fail or be unavailable from the provided package.
The skill documentation references scripts/export.py, but the provided file manifest does not include that file, creating a packaging/documentation completeness gap.
python3 scripts/export.py --format csv
Do not substitute or download an unreviewed export script; verify the package contents before relying on export functionality.