ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Expense Tracker

v1.1.0

Track daily expenses in structured markdown files organized by month. Use when the user wants to log spending, view expense summaries, analyze spending patte...

0· 746·9 current·9 all-time
byLoc Vo@aholake
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the shipped assets: SKILL.md and a Python script that logs expenses to markdown files and produces summaries. No extraneous credentials, binaries, or services are required.
Instruction Scope
Runtime instructions only call the included script with well-scoped commands (log, summary). The SKILL.md does not instruct the agent to read unrelated system state or transmit data externally. It does instruct the user/agent to read the generated markdown files.
Install Mechanism
No install spec is provided (instruction-only with an included script). Nothing is downloaded or written beyond the described files at runtime.
Credentials
No environment variables, credentials, or config paths are requested. The script uses only local filesystem paths (workspace default: ~/.openclaw/workspace) and a backup directory under ~/Documents, which are reasonable for the task.
Persistence & Privilege
Skill is not always-enabled and does not modify other skills or global agent settings. It writes only to its own workspace and a user Documents backup folder; no elevated privileges are requested.
Assessment
This skill appears coherent and local-only. Before installing or running it: (1) review the script yourself (it’s short and included) to confirm its behavior; (2) be aware it will create/append files under the workspace (default ~/.openclaw/workspace/expenses) and will copy the pre-write file to ~/Documents/expenses_backup/, overwriting the previous snapshot for the month; (3) if you prefer a different workspace, use the --workspace option; (4) run it in a sandbox or test workspace if you want to verify behavior before using real financial data. No network or secret exfiltration was detected.

Like a lobster shell, security has layers — review code before you run it.

latestvk97153175vbe0ts5r88x220bz9820gk0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments