Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawshier

v0.1.5

Process receipt or invoice images into structured expenses and log them to Google Sheets. Use when the user wants to scan, log, track, or record an expense f...

0 stars · 568 downloads · 1 current · 1 all-time
Security Scan
Capability signals

Crypto: Requires wallet

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign

OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (receipt/invoice OCR → structured expense → Google Sheets) align with required env vars (GOOGLE_SHEETS_ID, GOOGLE_SERVICE_ACCOUNT_KEY) and primary credential (OPENAI_API_KEY). The code uses OpenAI for OCR/structuring and Google Sheets APIs for persistence, which is proportionate to the stated purpose.
Instruction Scope
SKILL.md instructs running the included Node pipeline and handlers, prefers the safe runner over shell pipes, and documents optional tracing/test modes. Runtime behavior reads local image files, reads .env, posts image data to OpenAI (or to a local Ollama host if configured), and writes trace/mock DB files locally. There are no instructions to read unrelated system credentials or exfiltrate data to unexpected endpoints.
Install Mechanism
The registry lists no automated install spec, but the bundle includes package.json and source files that require npm dependencies (openai, googleapis, dotenv). That means the skill expects a Node.js environment and a manual npm install step (per README). No downloads from arbitrary URLs or suspicious installers are present.
Credentials
Required env vars are proportional: GOOGLE_SHEETS_ID and GOOGLE_SERVICE_ACCOUNT_KEY are needed to access the target spreadsheet; OPENAI_API_KEY (declared as primary) is needed for OCR/LLM structuring. Other env vars referenced (CLAWSHIER_*, OPENAI_MODEL, etc.) are optional configuration. No unrelated secret tokens or multiple unrelated credentials are requested.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or global agent configuration. It writes local trace and test DB files (.clawshier-last-trace.json, .clawshier-test-db.json) and will modify the target Google Sheet (including deleting default 'Sheet1' on first run) — this is consistent with its stated purpose.
Assessment
This package appears to do what it says: it OCRs invoice/receipt images (via OpenAI by default or a local Ollama host) and appends structured rows to a Google Sheet. Before installing, ensure you:

  1. provide a path to a Google service account JSON (GOOGLE_SERVICE_ACCOUNT_KEY) and the spreadsheet ID (GOOGLE_SHEETS_ID);
  2. are comfortable that image bytes and extracted text will be sent to OpenAI (OPENAI_API_KEY) unless you force a local Ollama provider;
  3. understand the skill will manage sheet tabs and may delete the default 'Sheet1' on first write;
  4. run npm install in the skill directory (package.json present) and inspect the .env file used by dotenv;
  5. test with CLAWSHIER_TEST_MODE=1 to use local fixtures before pointing at real spreadsheets or keys.

If you want additional assurance, review the included files (especially lib/visionOcr.js and lib/googleSheets.js) and confirm the GOOGLE_SERVICE_ACCOUNT_KEY points to a local file you control rather than embedding raw credentials in environment variables you don't trust.
Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

  • lib/visionOcr.js:81 - Shell command execution detected (child_process).
  • test/pipeline-smoke.test.js:20 - Shell command execution detected (child_process).
  • lib/visionOcr.js:15 - Environment variable access combined with network send.
  • lib/visionOcr.js:45 - File read combined with network send (possible exfiltration).


Runtime requirements

Env: GOOGLE_SHEETS_ID, GOOGLE_SERVICE_ACCOUNT_KEY
Primary env: OPENAI_API_KEY
Latest: vk97fzj8nsan19wj69t49jkjdm584fhs1
568 downloads · 0 stars · 15 versions
Updated 5h ago
v0.1.5
MIT-0

Clawshier

Process a receipt or invoice image through a four-step pipeline, then reply with a short summary of what was added.

Input handling

  • If the user provides a local file path to the image, use that path directly.
  • If the user sends an image in chat and a local attachment path is available, use that path.
  • If no local file path is available for the image, ask the user to resend it as a file or to provide a local path the pipeline can be run against.
  • If the user explicitly gives the receipt date, preserve it and pass it to step 3 with --date YYYY-MM-DD.

Workflow

Run the safe pipeline runner. If it fails, retry it up to 2 times before surfacing the error.

Primary path — Safe pipeline runner

Run:

node {baseDir}/scripts/run_pipeline.js --image <path_to_image>

If the user explicitly provided a date, always pass it in ISO format:

node {baseDir}/scripts/run_pipeline.js --image <path_to_image> --date 2026-03-25

This runner performs OCR → structure → validate/deduplicate → store, passing data between steps as JSON files rather than as shell-interpolated pipeline strings.

It writes to:

  • the monthly expense tab (MM-YY)
  • Invoice Archive Breakdown
  • Summary

It also removes the default Sheet1 tab if present.

Handler compatibility note

The individual handlers still support stdin/stdout for testing, but when automating the skill, prefer scripts/run_pipeline.js or the handlers' --input-file/--output-file options instead of embedding untrusted receipt/LLM output into shell commands.

If OCR reports that the image is not a receipt or invoice, tell the user:

I couldn't detect a receipt or invoice in that image. Could you try again with a clearer photo?

If the validator reports a duplicate, stop and tell the user:

This receipt appears to already be logged (vendor, date, total match an existing entry). Skipping.

Success reply

After a successful run, reply in this format:

Added expense: {vendor} — {total} {currency} on {date} ({category}). Row #{row} in your spreadsheet (tab {MM-YY}).

If the user explicitly asks for tracing/debugging/cost tracing, append a compact per-step trace summary using the last recorded trace file. Otherwise keep the normal success reply short.

Failure reply

If a step still fails after retries, say which step failed and include the error message.

Notes

  • Use {baseDir} exactly so the commands do not depend on the current working directory.
  • For old invoices, prefer --date YYYY-MM-DD instead of relying on same-day date inference.
  • OCR backend selection is machine-level: CLAWSHIER_VISION_PROVIDER=openai|ollama|auto (default: openai).
  • auto tries local Ollama first and falls back to OpenAI. Set to ollama to force local-only OCR.
  • Use CLAWSHIER_OLLAMA_MODEL, CLAWSHIER_OLLAMA_HOST, and CLAWSHIER_OLLAMA_MAX_DIMENSION to control the Ollama OCR backend.
  • When CLAWSHIER_TEST_MODE=1 is present in the environment, the handlers use local test fixtures and a local mock sheet store. Use that for safe smoke tests before touching real APIs.
  • Optional tracing: set CLAWSHIER_TRACE=1 to record per-step timing/usage metadata to .clawshier-last-trace.json. Show that trace in chat only when the user explicitly asks for tracing/debugging/cost tracing.
