Billclaw
Review
Audited by ClawScan on May 10, 2026.
Overview
BillClaw’s behavior matches its financial-management purpose, but using it means installing npm packages and granting access to sensitive bank and Gmail data.
BillClaw appears coherent and purpose-aligned, not malicious in the provided artifacts. Install it only if you are comfortable granting bank/Gmail access to the installed npm packages, verify the package provenance, and protect or periodically clean up the local financial data it stores.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured, the skill can access sensitive bank transaction data and Gmail bill-related data through the user’s provider credentials.
The skill discloses that it uses user-provided Plaid and Gmail credentials for bank sync and Gmail bill fetching, which is expected for the stated purpose but grants access to sensitive accounts.
`PLAID_CLIENT_ID`, `PLAID_SECRET`, `GMAIL_CLIENT_ID`, `GMAIL_CLIENT_SECRET`
Only configure credentials for features you intend to use, prefer least-privilege/read-only OAuth scopes where available, and review provider permissions before approving access.
The reviewed skill files do not by themselves show the full code that will handle credentials and financial data after installation.
The install mechanism relies on external npm packages for the actual functionality. This is purpose-aligned, but the runtime package contents are not included in the provided artifacts.
`@firela/billclaw-openclaw`, `@firela/billclaw-cli`, `@firela/billclaw-connect`
Before use, verify the npm package source, publisher, provenance, and versions; consider pinning versions in controlled environments.
Financial records and tokens may remain on the device after use and could be exposed if the local account, backups, or keychain are compromised.
The skill documents persistent local storage of financial data and credential tokens. This is expected for a local-first finance tool, but it is sensitive persistent state.
Financial data stored locally in `~/.firela/billclaw/` ... OAuth tokens stored in your system keychain
Use device encryption, protect local backups, periodically review `~/.firela/billclaw/`, and remove stored credentials/data when no longer needed.
