Receipt
v2.0.1
Scan, categorize, and total receipts for expenses. Use when recording purchases, categorizing spending, balancing monthly totals, forecasting budgets.
by BytesAgain2 @ckchzh
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim a local CLI receipt tool and the included script implements exactly that: local logs under ~/.local/share/receipt, CLI commands for recording/categorizing/exporting, no external services, no extra binaries or env vars required.
Instruction Scope
Runtime instructions and the script keep activity local to the DATA_DIR. However, the script appends raw user input to log files without sanitization and exports JSON/CSV/TXT without escaping values (JSON export uses printf with raw values). history.log uses a different format than the per-command logs, which may produce empty values in exports. These are robustness/data-format issues and can enable log injection or produce malformed exports, but they are not evidence of network exfiltration or unrelated data access.
Install Mechanism
No install spec is provided (instruction-only). The packaged script is a plain bash file; nothing is downloaded or written by an installer. This is low risk and proportionate for a CLI tool.
Credentials
The skill requests no environment variables or credentials and only relies on HOME to construct the data directory. No unrelated secrets or config paths are requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and only writes to its own data directory under the user's home. Normal for a local CLI utility.
Assessment
This skill appears to do what it says: a simple local bash receipt logger. Before installing/running: (1) review the script if you will run it on a sensitive or shared machine — it writes all entries in plain text to ~/.local/share/receipt; (2) avoid entering sensitive credentials or account numbers into the logs (they are stored in clear text and included in exports); (3) be aware that inputs are not sanitized/escaped, so entries containing '|' characters, quotes, newlines, or JSON control characters may produce malformed exports or unintended log lines; (4) if you need robust exports or sharing, consider sanitizing/escaping values or adding JSON-escaping before using exported files; (5) no network activity is performed by the script, and no external credentials are requested.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97ejs5h8mfpca3dy2n676c4518342d7
