Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bill Tracker

v1.0.0

Retrieve upcoming bills, account balances, and assess if you can afford a specified amount within a set time frame.

Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (retrieve upcoming bills, balances, affordability) match the declared environment variables (BILL_TRACKER_URL and BILL_TRACKER_SESSION_TOKEN) and the endpoints documented in SKILL.md. Requiring a session token and base URL is expected for an API-only bill-tracking integration.
Instruction Scope
SKILL.md restricts actions to making POST calls to the Bill Tracker API (curl via bash), parsing JSON, and summarizing results. It does not instruct reading unrelated files, accessing other environment variables, or transmitting data to third-party endpoints.
Install Mechanism
There is no install spec and no code files; this is instruction-only. That minimizes the risk of arbitrary code being written or executed on disk.
Credentials
Only two environment variables are required: the service base URL and a session token (primary credential). Both are directly justified by the skill's purpose. No unrelated secrets or broad cloud credentials are requested.
Persistence & Privilege
always:false (normal). disable-model-invocation:false means the agent may call the skill autonomously, which is the platform default; this is not a red flag by itself but you should be aware the agent can issue API calls using the provided session token when invoked.
Assessment
This skill is coherent with its description, but before installing: ensure BILL_TRACKER_URL points to a trusted HTTPS endpoint you control or trust; keep BILL_TRACKER_SESSION_TOKEN secret and store it only in a secure environment (do not paste into public chats); prefer a dedicated read-only account or token if available; confirm token lifetime/permissions so compromise risk is limited; and be aware that the agent will use the token to call the API (autonomously when invoked). If you didn't expect to provide a session token or don't trust the service URL, do not install the skill.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

💰 Clawdis
Env: BILL_TRACKER_URL, BILL_TRACKER_SESSION_TOKEN
Primary env: BILL_TRACKER_SESSION_TOKEN
latest: vk9747x116x4h9zbjwesaqn4w918157as
638 downloads
0 stars
1 version
Updated 9h ago
v1.0.0
MIT-0

Bill Tracker Skill

When the user asks about their bills, account balances, or whether they can afford something, use the bash tool to call the Bill Tracker API.

Required environment

Getting a session token

Bill Tracker uses magic-link auth (no passwords). Two steps:

  1. Request a verification code (sent to email):
     curl -s -X POST -H "Content-Type: application/json" \
       -d '{"email":"user@example.com"}' \
       "${BILL_TRACKER_URL}/api/mcp/request-code"
  2. Exchange the code from your email for a session token:
     curl -s -X POST -H "Content-Type: application/json" \
       -d '{"code":"123456"}' \
       "${BILL_TRACKER_URL}/api/mcp/token"

Store the returned sessionToken in BILL_TRACKER_SESSION_TOKEN. Tokens are long-lived; no need to re-verify on every request. (Codes expire in 10 minutes.)

Endpoints

1. Upcoming transactions (bills and income due soon)

POST ${BILL_TRACKER_URL}/api/mcp/upcoming-transactions
X-Parse-Session-Token: ${BILL_TRACKER_SESSION_TOKEN}
Body: { "days": 3 }

Default days is 3. Increase for a longer window (e.g. days=7).

2. Account balances

POST ${BILL_TRACKER_URL}/api/mcp/account-balances
X-Parse-Session-Token: ${BILL_TRACKER_SESSION_TOKEN}

Returns each account with name, type, balance, and a totalBalance (cash minus debt).

3. Can I afford X?

POST ${BILL_TRACKER_URL}/api/mcp/can-afford
X-Parse-Session-Token: ${BILL_TRACKER_SESSION_TOKEN}
Body: { "amount": 500, "horizonDays": 90 }

Replace 500 with the amount in dollars. horizonDays defaults to 90.

Returns either canAfford: true with the date they can afford it, or canAfford: false with a message.

How to call

Use curl with POST. Pass X-Parse-Session-Token (or Authorization: Bearer $BILL_TRACKER_SESSION_TOKEN) for authentication. The token identifies the user—no email or password needed. Parse the JSON response and summarize clearly for the user.

Example (upcoming transactions):

curl -s -X POST -H "X-Parse-Session-Token: $BILL_TRACKER_SESSION_TOKEN" -H "Content-Type: application/json" \
  -d '{"days": 3}' \
  "${BILL_TRACKER_URL}/api/mcp/upcoming-transactions"

Example (account balances):

curl -s -X POST -H "X-Parse-Session-Token: $BILL_TRACKER_SESSION_TOKEN" -H "Content-Type: application/json" \
  -d '{}' \
  "${BILL_TRACKER_URL}/api/mcp/account-balances"

Example (can afford):

curl -s -X POST -H "X-Parse-Session-Token: $BILL_TRACKER_SESSION_TOKEN" -H "Content-Type: application/json" \
  -d '{"amount": 500}' \
  "${BILL_TRACKER_URL}/api/mcp/can-afford"

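The scan assessment's advice (trusted HTTPS endpoint, keep the session token secret) applied to the curl calls above, as an added example that is not part of the skill's SKILL.md. The function names bt_validate_url, bt_validate_token and bt_post are hypothetical, and the accepted token character set is an assumption.

```shell
# Added example (not from SKILL.md): hardened wrapper for the Bill Tracker calls.
# All bt_* names are hypothetical helpers.

# Accept only https:// base URLs with a host and no userinfo, query string,
# fragment, whitespace or quote characters.
bt_validate_url() {
  case "$1" in
    https://?*) ;;
    *) return 1 ;;
  esac
  _bt_rest="${1#https://}"
  case "$_bt_rest" in
    /*|:*) return 1 ;;                      # empty host
    *[!A-Za-z0-9._~:/-]*) return 1 ;;       # '@', '?', '#', spaces, quotes...
  esac
  return 0
}

# Assumed token alphabet; rejects anything that could break out of the
# quoted header line written to the curl config below.
bt_validate_token() {
  case "$1" in
    ''|*[!A-Za-z0-9:._~+/=-]*) return 1 ;;
  esac
  return 0
}

# Usage: bt_post <endpoint> [json-body]   e.g. bt_post can-afford '{"amount": 500}'
bt_post() {
  _bt_body="${2:-}"
  [ -n "$_bt_body" ] || _bt_body='{}'
  bt_validate_url "${BILL_TRACKER_URL:-}" ||
    { echo "refusing: BILL_TRACKER_URL must be a plain https:// URL" >&2; return 2; }
  bt_validate_token "${BILL_TRACKER_SESSION_TOKEN:-}" ||
    { echo "refusing: session token missing or malformed" >&2; return 2; }
  case "$1" in
    upcoming-transactions|account-balances|can-afford) ;;
    *) echo "refusing: unknown endpoint '$1'" >&2; return 2 ;;
  esac
  # The header reaches curl through a config read from stdin (-K -), so the
  # token is not visible in the process argument list. Redirects are not
  # followed and only https is permitted, so the token cannot be replayed
  # to another scheme or host.
  printf 'header = "X-Parse-Session-Token: %s"\n' "$BILL_TRACKER_SESSION_TOKEN" |
    curl -sS --fail --proto '=https' --max-redirs 0 --max-time 15 \
         -K - -X POST -H 'Content-Type: application/json' \
         -d "$_bt_body" "${BILL_TRACKER_URL%/}/api/mcp/$1"
}
```

Both checks run before any network call, so a misconfigured base URL fails closed instead of sending the token.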