Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawReceipt

v1.0.0

Use this skill to extract receipt information, record expenses, track budgets, and manage financial receipts using the ClawReceipt CLI.

by Sakurako @sakurako-irs
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the provided code and SKILL.md. The CLI implements add, list, budget, alert, and a TUI; storage is a local SQLite DB under data/receipts.db. No unrelated cloud credentials, system-level access, or external endpoints are requested. README mentions an OpenClaw CLI integration but that is optional context rather than a required credential.
Instruction Scope
SKILL.md instructs the agent to extract receipt fields (via agent OCR/vision) and run local python commands (python run.py ...). It explicitly warns not to run the blocking TUI as an agent. The instructions do not ask the agent to read unrelated files or secrets. Note: SKILL.md expects the agent to perform OCR/vision externally (agent side) — the included code does not itself perform OCR, only accepts manual/extracted fields.
Install Mechanism
There is no install spec in the registry entry; the package is distributed with source files and a requirements.txt. No remote downloads or extraction from arbitrary URLs are present. Requirements include common PyPI packages (textual, rich, pandas, openpyxl, etc.). A few packages in requirements.txt (pydantic, python-dotenv, pillow) are not used by the code — unnecessary but not inherently malicious.
Credentials
The skill declares no required environment variables, no primary credential, and no external config paths. The code only reads/writes a local SQLite DB and can export CSV/Excel files. No secrets or unrelated credentials are requested.
Persistence & Privilege
The skill will create a data/ directory and receipts.db in the repository/runtime working directory and write export files (receipts_export.csv, receipts_export.xlsx). It does not request always: true or modify other skills' configs. Consider that it writes files to disk and those files could be read or uploaded by other tools or agents if present.
Assessment
This skill appears internally consistent with its stated purpose and has no network callbacks or secret-exfiltration code. Before installing/using it: (1) run it in a contained environment (venv or sandbox) and inspect files it creates (data/receipts.db, exported CSV/XLSX), (2) only install its pip requirements from PyPI in a trusted environment, (3) be aware the agent (or other tools) may need to perform OCR/vision externally — the skill itself expects extracted fields, and (4) if you are concerned about sensitive financial data, keep the repository and data directory in a location with appropriate access controls. If you want higher assurance, you can run the code locally and review the database file contents to confirm behavior.


359 downloads
0 stars
1 version
Updated 7h ago
v1.0.0
MIT-0

ClawReceipt Skill for OpenClaw

Use this skill to interface with the ClawReceipt system whenever the user wants to process a receipt, check their monthly spending budget, or export financial data.

Trigger Conditions

Use this skill when the user wants to:

  • Upload or provide a picture/text of a receipt to be recorded.
  • Add a new expense, bill, or receipt to the database.
  • Check their current total spend against their monthly budget.
  • Update their monthly spending budget.
  • List recent receipts/expenses.

Core Workflows

1) Process and Add a Receipt

When the user provides a receipt image or details, extract the relevant fields (Date, Time, Store, Amount, Category) and use the CLI to save it:

  1. Extract details using OCR or LLM vision capabilities.

  2. Ensure you have date (YYYY-MM-DD), time (HH:MM:SS, optional), store (string), amount (float), and category (string, e.g., "อาหาร", "เดินทาง", "Shopping").

  3. Run the CLI command in the ClawReceipt directory:

    python run.py add --date "YYYY-MM-DD" --time "HH:MM:SS" --store "<Store>" --amount <Amount> --category "<Category>"
    
  4. Read the output to check if the budget was exceeded and relay that information to the user.

2) Check Budget Status

If the user asks "How much budget do I have left?" or "What is my total spend?":

  1. Run:

    python run.py budget
    
  2. Parse the output, which includes "Total Spent" and "Target Budget", and report the figures accurately to the user.

  3. Alert the user if the status indicates "Exceeded Budget!".

3) Set New Budget

If the user wants to set a new monthly budget (e.g., "Set my budget to 5000 baht"):

  1. Run:

    python run.py budget --set <Amount>
    
  2. Confirm to the user that the budget has been updated successfully.

4) List All Receipts

If the user asks to see history or recently recorded receipts:

  1. Run:

    python run.py list
    
  2. Summarize the output table for the user.

5) Open TUI / Export (Interactive mode only)

If the user asks to see a beautiful dashboard or export to CSV/Excel, you can suggest they run:

    python run.py tui

(Note: As an agent, do not run the tui command directly as it will block the terminal. Instruct the user to run it themselves in a new terminal if they want to interact with the UI or manually export the data).

Required Checks Before Execution

  • Verify run.py is present in the ClawReceipt root folder before calling.
  • Ensure the active Python environment has the required dependencies (rich, pandas, openpyxl, textual, etc.) by utilizing .\venv\Scripts\activate if available.
  • Always quote string arguments like --store "Full Name" to prevent shell argument splitting.

Troubleshooting

  • UnicodeEncodeError: Ensure the terminal is using UTF-8 encoding. run.py handles this internally on Windows, but be aware of it when piping output.
  • unrecognized arguments: Ensure parameters like --category are explicitly mapped and don't contain unescaped quotes.
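
The quoting rule under Required Checks and the unescaped-quote note above both come down to how OCR-extracted text reaches the command line. The following is an added example, not part of the ClawReceipt code: it validates the extracted fields and passes them as an argument list with no shell. The helper names and sample values are hypothetical, and it assumes run.py parses options with argparse and therefore accepts the --opt=value form.

```python
import math
import subprocess
import sys
from datetime import datetime

# Constructed sample of OCR/vision output; every value is untrusted text.
SAMPLE = {
    "date": "2024-05-17",
    "time": "12:30:05",
    "store": 'Cafe "Sakura"; echo $HOME',
    "amount": "185.50",
    "category": "อาหาร",
}


def _text(name, value, max_len=120):
    """Reject empty, oversized or control-character strings."""
    value = str(value).strip()
    if not value or len(value) > max_len:
        raise ValueError(f"{name}: empty or too long")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        raise ValueError(f"{name}: control character")
    return value


def build_add_argv(fields, python=sys.executable):
    """Validate extracted fields and return an argv list for 'run.py add'."""
    date = datetime.strptime(fields["date"], "%Y-%m-%d").strftime("%Y-%m-%d")
    amount = float(fields["amount"])
    if not math.isfinite(amount) or amount <= 0:
        raise ValueError("amount: must be a positive finite number")
    argv = [python, "run.py", "add", f"--date={date}"]
    if fields.get("time"):  # time is optional in SKILL.md
        clock = datetime.strptime(fields["time"], "%H:%M:%S")
        argv.append(f"--time={clock:%H:%M:%S}")
    # Assumed argparse form: --opt=value keeps a leading "-" from reading as a flag.
    argv += [
        f"--store={_text('store', fields['store'])}",
        f"--amount={amount:.2f}",
        f"--category={_text('category', fields['category'], 40)}",
    ]
    return argv


def run_add(fields, skill_dir):
    """Run the CLI with no shell, so quotes and ';' stay inside one argument."""
    return subprocess.run(build_add_argv(fields), cwd=skill_dir, shell=False,
                          capture_output=True, text=True, check=False)
```

Because the command is a list and no shell is involved, the store name in the sample reaches run.py as one literal string, quotes and semicolon included.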

Completion Checklist

  • Required fields accurately extracted and fed to the add command.
  • Command executed successfully (exit code 0).
  • Relevant confirmation (and budget alerts, if any) relayed back to the user clearly.
