ClawHub

Spend Tracker

v2.0.2

Reference tool for devtools — covers intro, quickstart, patterns and more. Quick lookup for Spend Tracker concepts, best practices, and implementation patterns.

0· 107·0 current·0 all-time
by@bytesagain3
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Spend Tracker reference for devtools) matches the provided artifacts: a SKILL.md with static reference text and an included shell script that prints the same documentation. One minor inconsistency: registry version is 2.0.2 while the bundled script sets VERSION="2.0.1" — likely a packaging/versioning oversight rather than malicious behavior.
Instruction Scope
SKILL.md instructs only about local reference commands and explicitly states 'No external API calls, no credentials needed, no network access.' The included script implements only heredoc outputs and basic CLI argument handling; it does not read other files, access environment variables, or make network calls.
Install Mechanism
No install specification is present (instruction-only in the registry sense). There is a single included shell script, but nothing attempts to download or extract remote code or install system packages.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The runtime script does not read secret-named env vars or other system config, so requested privileges are proportional to the stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent system changes. It includes a runnable script (scripts/script.sh) but does not modify other skills or global agent configuration.
Assessment
This skill appears to be a simple, read-only documentation helper and is coherent with its description. Before installing, note the minor version mismatch (script reports 2.0.1 vs registry 2.0.2). Review the included scripts/script.sh (it's a plain shell script that only prints documentation) and, if you run it, do so in a controlled environment. Confirm the source repository if you require provenance, and watch for future updates that might add network or credential access — those would change the risk profile.

Like a lobster shell, security has layers — review code before you run it.

latestvk976dn3veyzww9amxfa45q748d83h9qm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments