Expense Tracker
PassAudited by ClawScan on May 10, 2026.
Overview
Expense Tracker appears benign: it stores expense entries locally in markdown files, with no credentials or network access, but those files may contain personal financial details.
This skill is reasonable to use if you want a local markdown-based expense log. Be aware that it will save personal spending information under the workspace expenses directory, so review entries for accuracy and avoid recording details you would not want stored locally.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may create or update local expense files when it interprets a conversation as an expense to log.
The skill instructs the agent to run a local helper command that appends expense entries based on spending mentions. This is aligned with the stated expense-tracking purpose, but it does mutate local records.
When the user mentions spending money: ```bash # User: "Just paid 35k for coffee" python3 scripts/log_expense.py log 35000 Coffee ```
Use the skill when you intend expenses to be recorded, and review or edit the generated expense markdown files if an entry is wrong.
Anyone or any later agent task with access to the workspace could see the stored personal spending details.
The script persistently stores expense amounts, categories, descriptions, and tags in local workspace markdown files. These records may later be read for summaries or analysis.
workspace_path = Path.home() / ".openclaw" / "workspace"
...
entry = f"| {date} | {category} | {amount_str} | {description} | {tags} |\n"
...
f.write(entry)Keep descriptions and tags appropriate for a local finance log, protect the workspace, and treat saved expense file contents as data rather than instructions.