Spend Intelligence
v1.0.0Analyze company spend data to identify waste, benchmark costs by industry, optimize vendor contracts, and forecast cash flow with a prioritized action plan.
⭐ 0· 465·0 current·0 all-time
by@1kalin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (spend analysis, vendor optimization, cash-forecasting) align with the SKILL.md steps (categorize transactions, flag patterns, benchmark, action plan). No unexpected binaries, env vars, or installs are requested.
Instruction Scope
The runtime instructions correctly describe categorization, pattern detection, benchmarking, and action-plan generation. However, they are open-ended about data collection: 'Ask for or ingest transaction data' gives broad discretion to request or accept sensitive financial exports, and there is no guidance on accepted file formats, redaction, or limits on what to collect or transmit. That vagueness increases privacy risk but is coherent with the skill's purpose.
Install Mechanism
Instruction-only skill with no install spec and no code files. This minimizes disk persistence and supply-chain risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. It does not request unrelated secrets. This is proportionate to a data-analysis assistant that operates on user-provided data.
Persistence & Privilege
always is false and the skill does not request persistent installation or system-wide configuration changes. It does not declare elevated privileges.
Assessment
This skill appears to do what it says, but it will need transaction data to be useful — and transaction data is very sensitive. Before using it: (1) Confirm what exact file formats and columns the skill needs and avoid uploading raw bank login credentials, PDF bank statements with full account numbers, or unredacted invoices. (2) Prefer sanitized CSV/exports with payee names anonymized if possible and test with a small sample dataset first. (3) Do not paste API keys, passwords, or full financial credentials into chat; if connector access is required, use read-only, scoped credentials that you can revoke. (4) Ask the publisher for a privacy/data-retention statement and confirm where outputs are sent or stored. (5) Note the README links to paid bundles on afrexai-cto.github.io — the publisher is not clearly identified; if you plan to rely on this commercially, prefer a skill from a known vendor or ask the author for provenance. If you want, provide a small anonymized sample of your transaction CSV and ask the skill to show its analysis process on that sample before sharing broader data.Like a lobster shell, security has layers — review code before you run it.
cost optimizationvk976qr6v28tjnsgfa8zd7k4y0x81hc7rfinancevk976qr6v28tjnsgfa8zd7k4y0x81hc7rlatestvk976qr6v28tjnsgfa8zd7k4y0x81hc7rprocurementvk976qr6v28tjnsgfa8zd7k4y0x81hc7rspend analysisvk976qr6v28tjnsgfa8zd7k4y0x81hc7r
License
MIT-0
Free to use, modify, and redistribute. No attribution required.