AI Financial Report

v1.0.0

Upload Excel, CSV, or PDF financial statements for AI-generated detailed business analysis, including revenue, costs, profitability, cash flow, and anomaly a...

⭐ 0· 39·0 current·0 all-time

byYK-Global@billjamno58

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for billjamno58/ai-financial-report.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "AI Financial Report" (billjamno58/ai-financial-report) from ClawHub.
Skill page: https://clawhub.ai/billjamno58/ai-financial-report
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ai-financial-report

ClawHub CLI

Package manager switcher

npx clawhub@latest install ai-financial-report

Security Scan

Capability signals

CryptoCan make purchasesRequires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Suspicious

high confidence

Purpose & Capability

The skill claims to process files locally and not upload data, but the code calls external AI provider endpoints (report_generator.py) and a billing endpoint (skillpay.me) for plan validation. Calling a billing service is plausible for a paid tier, but transmitting the user's API key as the 'user_id' field to skillpay.me (validateToken uses user_id: userId || apiKey) is not required by billing and does not align with privacy claims.

Instruction Scope

SKILL.md states 'No data upload' and 'All files processed locally', but runtime code sends parsed data / prompts to user-configured external AI APIs and performs network billing checks. The instructions are therefore inaccurate and overbroad in a privacy-sensitive way. The handlers also write temp files to /tmp and cache billing results there.

ℹ

Install Mechanism

There is no explicit install spec; the package includes Python scripts and a requirements.txt listing heavy dependencies (pandas, pdfplumber, etc.). That is consistent with the code but means the runtime environment must have those Python packages installed. Lack of an install step is not itself malicious, but the runtime expects native dependencies.

Credentials

The skill does not declare required env vars but reads SKILL_BILLING_API_KEY and SKILL_BILLING_SKILL_ID. validateToken will POST to the billing endpoint with body.user_id set to userId || apiKey — meaning if the caller omits userId the user's AI apiKey may be sent to the billing service. The skill also loads a .env file into process.env, which may expose environment values if present in the skill directory. These behaviors are not proportionate to the stated local-processing privacy promise.

ℹ

Persistence & Privilege

always is false and the skill does not request special system privileges. It writes temporary files and a billing cache under /tmp (CACHE_DIR = '/tmp/ai-financial-report-cache'), which persists for the cache TTL. That is expected for local processing but increases the chance sensitive data lingers in /tmp if cleanup fails.

What to consider before installing

Key points to consider before installing or using this skill: 1) Privacy claim mismatch: The SKILL.md says ‘All files processed locally, never sent to third-party servers’, but the code sends prompts/data to external AI providers (OpenAI, Anthropic, DeepSeek, Qwen, MiniMax) using the API key you provide—so your uploaded financial data will leave your machine and go to those providers. If you need strict local-only processing, this skill is not appropriate. 2) Potential API key leak to billing service: The billing code posts to https://skillpay.me/api/v1/billing/charge and sets the POST body user_id to userId || apiKey. If you do not supply a separate userId, your AI API key may be transmitted in that field to skillpay.me. Avoid passing production/privileged API keys unless you trust skillpay.me and the skill author. 3) Temporary files and cache: Uploaded files and an input JSON are written under /tmp and deleted on success, but exceptions may leave files or billing cache files in /tmp. Treat /tmp as a place where sensitive data might persist briefly. 4) Mitigations if you still want to try it: - Prefer using a throwaway or limited-scope AI API key (if the provider supports scoped keys) rather than your main production key. - Provide an explicit userId in calls so validateToken does not fall back to sending your apiKey as user_id to skillpay.me. - Do not set SKILL_BILLING_API_KEY unless you trust the billing provider and understand what data is transmitted. - Review and run the source code in an isolated environment first (network disabled) to verify local behavior. 5) If you cannot audit the code or do not accept these risks, do not install or do not provide your real AI API key or financial files to this skill.

✗

src/handlers/skill_invoke.js:37

Shell command execution detected (child_process).

✗

src/services/billing.js:14

Environment variable access combined with network send.

src/services/billing.js:34

File read combined with network send (possible exfiltration).

Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a5kzg73b4rgrm4wk5knebx185nmhr

39downloads

0stars

1versions

Updated 1d ago

v1.0.0

MIT-0

Financial Report AI (ai-financial-report)

Upload Excel/CSV/PDF financial statements → AI auto-generates structured business analysis reports (revenue structure / cost anomalies / profitability / cash flow / balance sheet / KPI achievement / anomaly alerts).

Tiered Features

Feature	FREE	PRO
Analyses/month	3	Unlimited
Input formats	CSV, Excel	CSV, Excel, PDF
Analysis dimensions	3 basic	All 7
Charts	❌	✅
Industry comparison	❌	✅
Price	Free	$0.01 USDT/use

Upgrade to PRO: https://skillpay.me/ai-financial-report

Architecture

User uploads file
    ↓
index.js (entry, routes to handlers)
    ↓
src/handlers/
  ├── skill_invoke.js    ← core analysis engine dispatcher
  ├── file_upload.js     ← file upload handler
  └── message_handler.js ← text chat handler
    ↓
src/services/
  ├── billing.js         ← SkillPay token validation + 5-min cache
  ├── file_parser.py     ← Excel/CSV/PDF parsing
  └── report_generator.py ← AI analysis + Markdown rendering

Quick Start

Upload a File (Recommended)

Upload your Excel/CSV/PDF financial file directly — AI automatically completes the full analysis.

Supported formats: .csv, .xlsx, .xls, .pdf

Configure AI API Key

This skill does not include an AI model. Users configure their own API key.

Supported AI models (any one):

Model	Provider	Get API Key
GPT-4o	OpenAI	platform.openai.com
Claude 3.5	Anthropic	console.anthropic.com
DeepSeek V3	DeepSeek	platform.deepseek.com
Qwen	Alibaba Cloud	bailian.console.aliyun.com
MiniMax	MiniMax	platform.minimax.chat

No binding, no recommendation, no restriction on specific models — user chooses freely.

Output Example

# Financial Report Analysis

**Company**: XX Tech Co.
**Period**: Q1 2024
**Tier**: PRO

---

## 1. Revenue Structure

| Item | Value |
|------|-------|
| Total Revenue | 3,800 (10K CNY) |
| YoY Change | +15.3% |
| QoQ Change | +8.2% |

**Structure**: Core business 82%, other business 18%

---

## 7. Anomaly Alerts

| Dimension | Severity | Description | Value |
|-----------|----------|-------------|-------|
| Cost | 🔴 HIGH | Admin expense ratio abnormally high | 18.5% (avg: 12%) |
| Cash Flow | 🟠 MEDIUM | Operating cash flow YoY declined | -12.3% |

Data Format

Format	Notes
CSV	UTF-8, first row = header
Excel (.xlsx)	Multi-sheet, reads first sheet by default
PDF	Text must be copyable (no scanned images)

Column guidelines: Use clear dimension names (revenue, cost, profit, etc.). Avoid excessive merged cells.

Privacy

No data upload: All files processed locally, never sent to third-party servers
No file storage: Temporary files deleted immediately after analysis
API calls: Only uses user-configured AI API, data processed locally
Token validation: Only verifies plan eligibility, no financial data stored

Error Handling

Error	Resolution
"Unsupported format"	Use CSV, Excel (.xlsx/.xls), or PDF with copyable text
AI analysis failed	Check API key validity and balance; try another model
Report data inaccurate	AI analysis is for reference only; verify against source files

Tech Stack

Parsing: Python 3 + pandas + openpyxl + pdfplumber
AI Interface: OpenAI-compatible REST API
Runtime: Node.js (OpenClaw Agent)

Billing

Endpoint: POST https://skillpay.me/api/v1/billing/charge
Header: X-API-Key: {api_key}
Body: {"user_id": "...", "skill_id": "ai-financial-report", "amount": 0}
Response: {"success": true, "balance": ...}
Fallback: Network error → FREE tier (usage not blocked)
Cache: Validation result cached locally (SHA256 hash), TTL 5 minutes

Env Variables

Variable	Description	Default
`OPENCLAW_SKILL_DIR`	Skill root (for cache)	`__dirname/..`
`SKILL_BILLING_API_KEY`	Builder API Key (from SkillPay)	—
`SKILL_BILLING_SKILL_ID`	Skill Slug	`ai-financial-report`

For builder setup: visit https://skillpay.me

Comments

Loading comments...