ClawHub

Financial Tracker

v1.0.1

AI-powered financial tracking for solopreneurs — log income and expenses, monitor revenue toward monthly goals, generate P&L snapshots, flag cash flow risks,...

0· 228·1 current·1 all-time
by@clawdssen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (financial tracking for solopreneurs) match the instructions: creating a finance/ directory, logging income/expenses, generating P&L snapshots, and optional scheduling. Nothing requested (no env vars, no binaries, no installs) appears unrelated to this purpose.
Instruction Scope
Instructions tell the agent to create and maintain plaintext files in the workspace and to pull from those files when generating reports (expected). The SKILL.md includes examples that add autonomous month-end cron jobs and announcement hooks (openclaw cron add ... --announce --to "[YOUR_TELEGRAM_CHAT_ID]") — these are optional examples but could cause the agent to send financial data to external channels if a user configures them. The skill also references pulling data from other agent-managed docs (SOUL.md / AGENTS.md) during weekly reviews; that is reasonable but means the agent may read other workspace files if instructed.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest risk for supply-chain or disk-written code. No downloads, packages, or non-standard install actions are present.
Credentials
The skill requests no environment variables or credentials. There are example commands that reference external announcement targets (Telegram chat ID) but the skill does not itself require or ask for tokens or unrelated secrets.
Persistence & Privilege
always is false. The skill suggests using platform features (cron/heartbeat) for scheduled month-end closes and announcements; that enables autonomous actions but is normal for this use-case. Users should be aware that enabling scheduled jobs or announcements causes the agent to act and possibly transmit summaries without manual prompts.
Assessment
This skill appears internally consistent with its stated purpose, but before installing: 1) decide where the finance/ directory will live — the skill writes plaintext financial data to your workspace, so avoid storing it in locations synced to untrusted cloud services unless you accept that risk; consider encrypting or restricting access. 2) Review and confirm any notification/cron examples before enabling them (the example uses --announce and a Telegram chat ID) to avoid unintentionally sending sensitive summaries to external endpoints. 3) If you do not want autonomous scheduled reports, do not add the cron/heartbeat steps or disable autonomous agent invocation for this skill via your platform settings. 4) Verify the agent's broader workspace/file access (SOUL.md, AGENTS.md, other project files) if you are concerned about cross-file data inclusion. If you want me to, I can produce a short checklist or a hardened installation prompt that limits announcements and schedules.

Like a lobster shell, security has layers — review code before you run it.

latestvk970tcjhn5q5y7xvhgyg9n8zx982htrq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments