Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AgentLedger
v1.1.1
Expense tracking and accounting for AI agents. Log purchases, set budgets, generate spending reports, and manage multi-currency finances — all stored locally. Privacy.com card import, natural language queries, CSV/JSON export. Use when agents make purchases and need a financial audit trail.
⭐ 4· 3k·6 current·6 all-time
by @c-goro
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (expense tracking, budgets, reports, Privacy.com imports) match the included code (ledger, budget, reports, CLI). Required binary is just node and no credentials/config paths are requested, which is proportionate for a local ledger tool.
Instruction Scope
SKILL.md instructs only local operations (logging, importing local Privacy.com JSON exports, exporting CSV/JSON, reading/writing workspace/ledger JSON files). It does not instruct the agent to read unrelated system files, access environment secrets, or send data to external endpoints.
Install Mechanism
There is no remote download/install step in the skill metadata. The package.json and README expect the skill to be copied into the workspace and run with node; that is low-risk and consistent with the skill's purpose.
Credentials
The skill declares no required environment variables or credentials and only needs filesystem access in the workspace (package.json lists filesystem permissions). That matches the stated local-storage design and is proportional.
Persistence & Privilege
always is false and the skill does not request any elevated or cross-skill privileges. It stores data under workspace/ledger only and does not modify other skills or global agent settings.
Assessment
AgentLedger appears coherent: it runs under Node, stores all data locally under workspace/ledger, and asks for no external credentials. Before installing, consider the following:
1) Privacy of stored data — transactions include receipt URLs, confirmation IDs and free-text context; ensure your workspace is secure and do not import raw exports containing full card numbers.
2) Verify the Privacy.com importer implementation (importPrivacyTransactions) to confirm it only processes local JSON and does not make network calls or log sensitive fields.
3) Inspect the omitted/truncated files for any child_process, eval, or network code (HTTP requests, fetch, axios) if you need high assurance.
4) Run the package in a sandbox or dedicated agent workspace first and run the test suite (node test/ledger.test.js).
5) If you want to prevent autonomous agent use of this skill, set disable-model-invocation or only allow user-invocable usage in your agent policy.
Overall this skill is internally consistent with its stated purpose, but you should still validate the importer and keep sensitive exports out of the workspace.
Like a lobster shell, security has layers — review code before you run it.
latest: vk975deftrhvqv7z54yptd3r7q580ajwx
Runtime requirements
Bins: node
