Skill v0.1.7
ClawScan security
Openclaw Receipt Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 1, 2026, 1:53 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements are consistent with a local receipt manager: it stores receipts in a local SQLite DB, uses local OCR if available, and does not request remote credentials or network access.
- Guidance: This skill appears to do what it says: it stores receipts locally in data/receipts and uses a local SQLite DB. Before installing, consider: (1) Verify the skill source (the README suggests a GitHub repo; confirm you trust it). (2) The skill will read any image file path you provide that lives under your home directory and copy it into the skill's images folder, so avoid passing paths to sensitive files. (3) If tesseract is installed, the skill will call it locally for OCR; tesseract is invoked via subprocess, but no network calls are made by the skill code. (4) Inspect the full receipt_db.py CLI portion (the file was only partially shown) if you want to be extra cautious; based on the reviewed code there are reasonable sanitization and path checks. (5) Run the tool in a limited environment or with test data first if you have concerns about accidental leakage of sensitive files.
Review Dimensions
- Purpose & Capability (ok): Name/description (receipt extraction, storage, queries) matches the provided scripts and CLI. The handler accepts JSON from the agent and invokes the local CLI to add receipts; the CLI implements the DB, deduplication, OCR, parsing, and summaries. No unrelated credentials, binaries, or remote services are requested.
- Instruction Scope (ok): SKILL.md instructs initialization, adding, and querying of receipts via the included scripts; handler behavior (read JSON, sanitize fields, call receipt_db.py) matches the doc. The instructions operate on local files under the skill workspace/data/receipts and do not instruct reading unrelated system state or sending data to external endpoints.
- Install Mechanism (ok): No install spec is present (instruction-only), and the shipped files contain the implementation. The README suggests cloning a GitHub repo, but no runtime download or remote install step is embedded in the skill files. No high-risk URL downloads or archive extraction are present.
- Credentials (ok): The skill requests no environment variables or credentials. It reads and writes files only in its data directory and accepts image paths provided by the agent/user. This file access is proportional to the purpose, though users should be aware that any file under the user's home can be supplied as an image path and will be read and copied.
- Persistence & Privilege (ok): The always flag is false and the skill uses normal agent invocation. It writes its own DB and images under its data directory and does not modify other skills or system-wide configurations. Autonomous invocation is allowed (platform default) but is not combined with any broad secret access.
