Revenue Tracker (Tianyi)
v1.0.0Track and manage income, expenses, task pricing, and generate daily, weekly, and monthly financial reports locally without external data sharing.
⭐ 0· 289·0 current·0 all-time
bytianyi@fffdz
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose is local revenue tracking and report generation. The SKILL.md mostly matches that purpose (logs, reports, pricing). However it also claims 'scripts code completely transparent' while no script files are actually bundled, and it advertises a GitHub homepage though the registry metadata lists source as unknown. Those contradictions reduce confidence that the package delivers what it claims.
Instruction Scope
Runtime instructions reference multiple PowerShell scripts under scripts/* and describe scheduled jobs (daily 23:00) and modifications to survival-config.json (integration with another skill). But the published bundle contains only README.md and SKILL.md — the scripts to perform file I/O, scheduling, and integration are missing, so the agent cannot audit or follow the declared runtime behavior. The SKILL.md also states it will invoke AI models (used for pricing/analysis) while simultaneously asserting 'no external API calls', a contradiction about data leaving the machine.
Install Mechanism
There is no install spec and this is instruction-only, which is lowest risk from an installation perspective. Nothing will be downloaded or written by an installer as part of the skill package itself.
Credentials
The skill declares no required environment variables or credentials, which aligns with local-only claims. However it also documents OpenClaw model invocation for analysis/pricing; model calls typically involve external model providers (or platform-mediated network calls). The SKILL.md's privacy claim ('no external API calls') conflicts with the documented model usage, so it's unclear whether sensitive financial data would be sent out.
Persistence & Privilege
The skill does not request always:true and is user-invocable, which is appropriate. It does, however, claim integration with 'survival-manager' and suggests editing survival-config.json; that implies cross-skill config changes or shared files. Changing other skill/config files should be explicitly documented and consented to — the current instructions don't show safeguards for that.
What to consider before installing
Do not install yet. Ask the publisher to provide the missing scripts (scripts/*.ps1) so you can review them; until those files are present the claim 'scripts code completely transparent' is false. Clarify where model invocations go — if OpenClaw routes model inputs to a remote provider, your financial data may leave the machine despite the 'no external API calls' statement. Confirm the repository/homepage and why registry metadata lists source as unknown. Verify OS compatibility (the scripts are PowerShell but no OS restriction is declared). If you proceed, only install after you (or someone you trust) has reviewed the actual script code and confirmed no unexpected network calls, and ensure any edits to survival-config.json are explicitly reviewed and consented to.Like a lobster shell, security has layers — review code before you run it.
latestvk979k2f2kv48szwd3j54y3m1nx8203f1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.