Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Receipt Expense Sorter

v1.0.0

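Organizes receipts and expense-reimbursement materials, grouping them by period, category, and voucher completeness and flagging missing items. Use for receipts, expenses, and finance-ops workflows; do not use to replace a formal financial reimbursement system or to generate fake invoice information.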

by vx:17605205782@52yuanchangxing
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match required artifacts and behavior. Declared requirement (python3) is appropriate for the included Python script. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md confines behavior to local, read-only organizing and suggests running the included script. The script implements structured reports, directory/CSV scanning and pattern checks; it can read any files or directories the user points it at, and includes simple pattern checks for secrets. This is expected for an audit/organizer tool, but the user should avoid pointing the tool at system/root or other sensitive directories to prevent accidental scanning or exposure of secrets.
Install Mechanism
No install spec or remote downloads. The skill is instruction + local Python script and relies only on python3 and the standard library — low install risk.
Credentials
No environment variables, credentials, or external tokens are requested. The script reads files provided by the user; this is proportional to the skill's purpose.
Persistence & Privilege
always is false and the skill does not request permanent presence or modify other skills. It does not store credentials or change system-wide settings.
Assessment
This skill appears coherent and low-risk, but follow these precautions before running: (1) inspect scripts/run.py locally (it is self-contained and readable) and run the provided smoke test; (2) do not point --input at system or home root directories — only provide the expense/receipt files you intend to analyze; (3) if your inputs contain PII or sensitive financial data, run in a sandboxed environment and consider preprocessing (redaction) first; (4) run with --dry-run or output to a file you control and review the generated Markdown before any automated submission to external systems.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f5tksbfmm34qgetgw8rex6s8365kd

Runtime requirements

🧾 Clawdis
OS: macOS · Linux · Windows
Bins: python3
