Eternal Expense Tracker
v1.0.0Track, categorize, and analyze personal expenses via receipt scans, manual input, CSV imports, budget tracking, and detailed spending reports.
⭐ 0· 38·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (expense tracking, receipt scans, CSV import, reports) match the included script and SKILL.md. The script implements add/scan/import/report/budget functionality and stores data in ~/.expense-tracker, which is appropriate for the stated purpose.
Instruction Scope
SKILL.md instructs running scripts/expense.py and the script performs OCR (pytesseract/Pillow), CSV parsing, categorization, and local JSON storage. The SKILL.md references references/categories.md which is not present in the package; also the provided script output was truncated in the prompt so the tail of the implementation wasn't fully visible. No instructions ask the agent to read unrelated system files or send data externally.
Install Mechanism
No install spec is present (instruction-only). The script prints guidance to install pytesseract/pillow and the system tesseract binary if needed; that's proportional to OCR functionality. No network downloads, remote installers, or archive extraction are present in the manifest.
Credentials
The skill declares no required environment variables, no credentials, and does not attempt to access external secret/config paths. All file writes are local to ~/.expense-tracker, which matches the purpose.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It writes its own data under the user's home directory and does not modify other skills or global agent configuration in the reviewed content.
Assessment
This package appears to be a local expense tracker that stores data under ~/.expense-tracker and uses local OCR (pytesseract + tesseract) and CSV imports. Before installing or running: 1) Review the full scripts/expense.py file — the provided snippet was truncated, so confirm the rest contains no unexpected network calls or hidden behavior. 2) Note that all financial data will be stored unencrypted by default in your home directory; if that is a concern, move the data directory, enable encryption, or store it in a secure location. 3) OCR requires the tesseract binary and Python packages (pytesseract, Pillow); installing system packages is expected for OCR. 4) There are no requested API keys or external endpoints in the reviewed content, so credential exfiltration is not evident — still verify the truncated portion for any network or subprocess calls before granting autonomous execution. 5) If you want stronger guarantees, run the tool in an isolated environment (VM or container) and inspect the complete source first.Like a lobster shell, security has layers — review code before you run it.
latestvk97ed9yg00fzk6q274qzkd0hw983yw6w
License
MIT-0
Free to use, modify, and redistribute. No attribution required.