Personal Finance Beancount

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Beancount/Fava finance helper, but it works with highly sensitive personal finance files and may use local Python tools.

Before installing or using this skill, be comfortable sharing the specific Beancount data needed for analysis, verify any local Python commands before running them, and treat financial recommendations as educational rather than licensed professional advice.

VirusTotal

66/66 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI06: Memory and Context Poisoning
Medium
What this means

Using the skill may expose private financial data to the agent context so it can analyze and summarize it.

Why it was flagged

The skill is intended to inspect complete personal finance ledgers, which can contain balances, payees, account names, transaction history, and other sensitive financial details.

Skill content
For uploaded files: Read the file contents to understand account structure and transaction patterns
Recommendation

Share only the Beancount files or excerpts needed for the task, and remove unrelated sensitive details before uploading if possible.

ASI05: Unexpected Code Execution
Low
What this means

A local script may read the selected finance file and produce reports on it.

Why it was flagged

The skill may direct the agent or user to run an included Python script against a ledger file. This is aligned with the analysis purpose, but it is still local code execution.

Skill content
Run this script to generate quick financial reports from Beancount files: python scripts/analyze_beancount.py <beancount_file> [options]
Recommendation

Review the command and file path before running it, and run it only on ledgers you intend to analyze.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing external packages can introduce dependency risk if the package source or version is not what the user expects.

Why it was flagged

The README documents installing external Python packages for the analysis workflow. This is expected for Beancount tooling, but the install example is unpinned.

Skill content
pip install beancount
Recommendation

Install dependencies from trusted package indexes and consider pinning versions in your own environment.

ASI09: Human-Agent Trust Exploitation
Low
What this means

Financial recommendations could influence real spending, budgeting, debt, or investment decisions.

Why it was flagged

The skill provides finance and investment guidance, which users may over-trust. The artifact also includes an appropriate boundary that it is educational and not licensed advice.

Skill content
Professional financial advisor for plain-text accounting... Provide general principles, not specific investment picks... not acting as a licensed advisor
Recommendation

Use the guidance as education and analysis, and consult a qualified professional for major financial, tax, or investment decisions.