Expense Tracker Daily

v1.0.2

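Smart expense-tracking assistant. Triggers when the user expresses intents such as bookkeeping, spending money, expenses, consumption, costs, recording outlays, checking accounts, expense statistics, or bills. Supports natural-language input ("午饭花了35" [lunch cost 35], "打车25块" [taxi, 25 yuan], "昨天买衣服200" [bought clothes yesterday, 200]), automatic categorization, and multi-dimensional statistical analysis. Keywords: 记账 (bookkeeping), 花钱 (spending money), 支出 (expenses), 消费 (consumption), 花费 (costs), 账单 (bills), 查账 (check accounts), 统计支出 (expense statistics), 记录开销 (record outlays), 钱花哪了 (where did the money go), 月度统计 (monthly statistics).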

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Chinese expense-tracker) align with the included script and instructions. The skill is self-contained: it provides a CLI-like Python script that adds/lists/deletes/stats expenses and a keyword mapping for categorization. Nothing requested (no env vars, no external services) is extraneous to the stated purpose. Note: SKILL.md templates reference running 'python' via SKILL_DIR, but the registry metadata lists no required binaries — this is operational but not a security mismatch.
Instruction Scope
SKILL.md directs the agent to run the bundled scripts/expense_tracker.py with explicit commands and options. The script only reads/writes local files under the skill's DATA_DIR and reads the local category map. There are no instructions to read arbitrary system files, access network endpoints, or exfiltrate data. One small inconsistency: SKILL.md and README refer to local storage but use slightly different directory names (SKILL.md: ~/.qclaw/workspace/expense-tracker-data/expenses.json; README: ~/.qclaw/workspace/expense-tracker-daily-data/). This is a documentation mismatch that may affect where data is actually stored.
Install Mechanism
No install spec is included (instruction-only skill with a bundled Python file). There are no downloads, no external packages, and the Python script uses only standard library modules (argparse, json, pathlib, datetime). This is low-risk from an install/execution standpoint.
Credentials
The skill declares no required environment variables, credentials, or config paths. The script uses a single per-user data directory under the home path and does not request or attempt to read secrets or unrelated configs. This level of access is proportionate to its function.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. It writes only to its own data directory and does not modify other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) but not combined with broad access.
Assessment
What to check before installing:
- Data location mismatch: README and SKILL.md use different data-directory names ("expense-tracker-data" vs "expense-tracker-daily-data"). The actual code writes to ~/.qclaw/workspace/expense-tracker-data; verify that path if you rely on backups or expect a different folder.
- Inspect the local JSON files: expenses.json and config.json are stored under your home directory. If you keep sensitive notes in descriptions, consider encrypting or limiting access to that folder.
- Confirm Python availability: the skill runs python from PATH. If your environment lacks python or uses a different interpreter, the skill won’t run until you install/configure one.
- Keyword overlaps: some keywords (e.g., '网费') appear in multiple categories; classification is heuristic. Expect occasional misclassification and confirm critical entries.
- Privacy: the skill is local-only (no network calls in the code), but always review any future updates/PRs for added network or telemetry code.
Overall: the skill is internally consistent and low-risk; the issues are documentation/operational (path names, category heuristics) rather than malicious. If you are satisfied with local JSON storage, it is reasonable to install and use.

Like a lobster shell, security has layers — review code before you run it.
