智能记账本
PassAudited by ClawScan on May 1, 2026.
Overview
The artifacts describe a coherent local expense-tracking skill; the main thing to notice is that it persistently stores personal spending records in a local JSON file.
This appears safe for its stated purpose as a local expense tracker. Before installing, be aware that anything you record may be saved in data.json in the skill directory, and manual local-development installs may fetch the OpenClaw SDK from npm.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your spending records may remain on disk in the skill folder and can be shown again by the skill later.
The skill stores user expense records persistently in a local JSON file so they can be reused for later statistics and listings.
this.dataFile = path.join(__dirname, 'data.json'); ... fs.writeFileSync(this.dataFile, JSON.stringify(this.expenses, null, 2));
Use it only if you are comfortable storing expense details locally; avoid entering sensitive notes and know where data.json is stored.
If you install dependencies manually, your environment may fetch code from npm rather than only using the reviewed files.
The manifest declares a version-ranged npm dependency for the OpenClaw SDK, which is normal for an OpenClaw integration but can resolve to newer compatible package versions during npm-based local development.
"dependencies": { "@openclaw/sdk": "^2026.3.2" }Install from trusted sources and consider pinning dependency versions if you need reproducible local development.