Skill v1.1.0
ClawScan security
Expense Tracker v2 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 3, 2026, 3:07 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior broadly matches its description (local/Notion/Supabase storage with encrypted credentials), but the included script contains coding errors and there is a truncated file listing so I cannot confirm there are no hidden actions; review and testing are recommended before trusting any secrets to it.
- Guidance: What to check before you install or run this skill:
  - Review the full script contents (the provided file listing was truncated); ensure the rest of the code contains only the expected CLI parsing and no hidden network endpoints or telemetry. If you can, open the complete scripts/expense-tracker.js.
  - Do not paste real API keys or master passwords until you validate the code. Instead, test with throwaway/test credentials or in a sandboxed account.
  - The script saves encrypted credentials to ~/.openclaw/expense-tracker/config.enc and stores records in ~/expenses.json by default; back up any existing files and be comfortable with those file locations.
  - The crypto choices are reasonable (AES-256-GCM, PBKDF2 with 100k iterations), but the implementation has bugs: there are incorrect readline/question usages and a likely bug in decrypt (concatenation of Buffer and string), which can break decryption and risk losing access to stored credentials/data. Expect to test and possibly fix the code before relying on it.
  - The script calls network APIs only for Notion and Supabase using the keys you provide; verify there are no other unexpected domains in the remainder of the file.
  - Ensure you run under a supported Node runtime (the script uses fetch and assumes Node global fetch; Node 18+ recommended) and consider running it inside a container or throwaway environment first.

  If you want, I can: (1) fetch and analyze the rest of the truncated file (if you provide it), (2) point out exact lines that need fixing for the password prompts and decryption, or (3) produce a safer drop-in replacement for the buggy functions.
Review Dimensions
- Purpose & Capability
- ok · Name/description describe multi-backend expense tracking. The JS script implements local, Notion, and Supabase backends and prompts for the expected credentials. There are no unrelated environment variables, binaries, or surprising permissions requested in metadata.
- Instruction Scope
- note · SKILL.md and the script instruct the agent/CLI to store encrypted config under ~/.openclaw/expense-tracker/config.enc and store data in ~/expenses.json (or a user-specified path). That is within scope. The runtime instructions and code interact with Notion and Supabase endpoints using user-supplied keys only. However, the SKILL.md + code prompt for interactive passwords and may behave incorrectly due to coding bugs (non-blocking password prompt path, incorrect readline usage), which could lead to unexpected fallback to local storage or saved config not being used. No evidence of exfiltration to third-party endpoints beyond the declared backends.
- Install Mechanism
- ok · This is instruction-only with a shipped script; there is no install spec that downloads remote archives or runs arbitrary installers. That minimizes install-time risk. The script will be written to disk only if the user installs it locally; no package-manager installs or external URLs are used by the skill itself.
- Credentials
- ok · The skill requests no environment variables and only asks the user for the service credentials required for the claimed backends (Notion API key + DB ID, Supabase URL + key, Google Sheets credentials path). These requests are proportionate to the described capabilities. The credentials are stored under the skill's own config directory rather than in system-wide configuration, which is expected.
- Persistence & Privilege
- ok · The skill is not forced-always and does not request elevated platform privileges. It writes configuration and data files into the user's home directory (~/.openclaw/expense-tracker and ~/expenses.json), which is appropriate for a CLI app. It does not appear to modify other skills or system-wide agent settings.
