bill claw
v1.0.0Drives the BillClaw local bookkeeping CLI against SQLite (db/expenses.db) via scripts/main.py JSON subcommands—add/query transactions, delete and category-me...
⭐ 0· 96·0 current·0 all-time
byJuneBao@520mianxiangduixiang520
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (local bookkeeping against db/expenses.db) matches the included code (scripts for DB, parsing, reporting, and a Flask dashboard). Declared dependencies (Python libs in requirements.txt) are appropriate for parsing, plotting and serving a local dashboard. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md instructs the agent to run the included scripts/main.py subcommands (add/query/delete-preview/delete-confirm/merge-preview/merge-confirm/report/serve/export-csv/parse). These instructions stay within the bookkeeping scope. Note: the skill relies on the agent to implement preview+explicit user confirmation flows for destructive actions; SKILL.md warns that the add path can return a 'suspicious' flag after writing, so care is needed to avoid writing before confirmation for some user-flows.
Install Mechanism
No install spec is provided (instruction-only). The repository includes Python scripts and a requirements.txt referencing well-known packages (dateparser, pydantic, matplotlib, flask) — no downloads from untrusted URLs or archive extraction.
Credentials
The skill does not request secrets or special environment variables. SKILL.md documents an optional BILLCLAW_DB_PATH to override the default DB location; that is reasonable and not listed as required. No other credentials or config paths are requested.
Persistence & Privilege
always:false and no special platform privileges are requested. The skill will read/write the local SQLite DB and write report PNG/CSV files (output_dir defaults to a directory in the working directory) and can start a local Flask server — these are expected for a bookkeeping tool and scoped to the host machine.
Assessment
This skill operates on local files: it reads and writes the repository-local SQLite database (db/expenses.db by default), creates PNG/CSV report files in the output directory, and can run a local Flask server (binds to the host/port you pass). It does not request API keys or network endpoints. Before installing or letting an agent run it: 1) review/backup your existing db file (db/expenses.db) because the scripts modify it; 2) inspect scripts/main.py and scripts/db.py if you want to confirm the exact delete/merge semantics (SKILL.md requires preview+confirm, but you should verify the agent enforces that flow); 3) run pip install -r requirements.txt in a virtualenv to keep dependencies isolated; 4) run the tool locally yourself first to verify behavior and outputs; 5) be aware that autonomous agent invocation is allowed by default — if you don't want the agent to run commands without a human in the loop, keep it user-invocable-only or disable autonomous invocation. Overall the package appears coherent and appropriate for local bookkeeping.Like a lobster shell, security has layers — review code before you run it.
latestvk970bd2gezd0th2ba2r82v1tqd838h5t
License
MIT-0
Free to use, modify, and redistribute. No attribution required.