Clawshier
Review
Audited by ClawScan on May 10, 2026.
Overview
Clawshier matches its receipt-to-Google-Sheets purpose, but it automatically makes persistent spreadsheet changes that deserve review before use.
Install only if you are comfortable giving it a Google Sheets service account and sending receipt images to the selected OCR provider. Use a dedicated empty spreadsheet, back it up before first use, and consider fixing Sheet1 deletion and formula escaping before processing untrusted receipts.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the configured spreadsheet already has useful data in a tab named Sheet1, that tab could be removed during normal use.
After storing an expense, the skill deletes any tab named Sheet1 in the configured Google spreadsheet. This is disclosed, but the code does not check whether that tab is empty or ask for confirmation.
await deleteSheetIfExists(spreadsheetId, "Sheet1");
Use a dedicated empty spreadsheet, back it up first, and consider changing the skill to delete Sheet1 only after confirming it is empty or after explicit user approval.
A malicious or malformed receipt could cause unexpected formulas or links to be inserted into the spreadsheet and then shared or synced with other users of that sheet.
appendRow and appendRows write values as USER_ENTERED. Since the stored vendor/category/item fields come from OCR and LLM output, formula-like text from a receipt could be interpreted by Google Sheets rather than stored as plain text.
valueInputOption: "USER_ENTERED"
Write untrusted receipt-derived text with RAW mode or escape leading formula characters such as =, +, -, and @ before appending rows.
The service account can modify spreadsheets it has been granted access to, including the configured expense spreadsheet.
The skill uses a Google service account with Sheets API write authority. This is expected for logging expenses, but it is still a meaningful account permission.
scopes: ["https://www.googleapis.com/auth/spreadsheets"]
Share only a dedicated expense spreadsheet with this service account and avoid reusing a broadly privileged Google key.
Receipt images may contain personal or financial details and will be sent to the configured OCR provider unless local Ollama mode is used.
By default, the skill base64-encodes the provided receipt image and sends it to OpenAI Vision for OCR. README/SKILL.md disclose OpenAI as the default OCR backend.
image_url: { url: `data:${mime};base64,${base64}` }
Use local Ollama mode for sensitive receipts, or only process receipts you are comfortable sending to the configured provider.
On macOS with Ollama image resizing, the skill invokes a local system tool against the provided image path.
The skill can run the local macOS sips binary to resize images for Ollama. This is purpose-aligned and does not use shell interpolation, but it is still local command execution.
execFileSync("sips", ["-Z", String(maxDimension), imagePath, "--out", tempPath], { stdio: "ignore" });
Keep using argument-array execution and avoid processing untrusted paths; disable Ollama resizing if local command execution is not acceptable.
