phoenixclaw-ledger
v0.0.2Passive financial tracking plugin for PhoenixClaw. Automatically detects expenses and income from conversations and payment screenshots. Use when: - User mentions money/spending (any language) - User shares payment screenshots (WeChat Pay, Alipay, etc.) - User asks about finances ("How much did I spend?", "My budget") - User wants expense reports ("Monthly summary", "Spending analysis")
⭐ 1· 2k·4 current·4 all-time
bybetterest@goforu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description align with requested data access and behavior: the skill hooks into post-moment-analysis, declares data_access for moments, user_config and memory, and documents extracting amounts, merchants, categories, and writing them to ~/PhoenixClaw/Finance/ledger.yaml — all consistent with a ledger/tracker.
Instruction Scope
Runtime instructions are narrowly scoped: scan conversation moments and payment screenshots, extract transaction fields, deduplicate, categorize, store locally, and export journal sections. The SKILL.md references only PhoenixClaw core artifacts (moments, config, cron) and local paths; there are no instructions to exfiltrate data or read unrelated system files.
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing is downloaded or written by an installer step, minimizing disk-write risk.
Credentials
Requires no environment variables, no external credentials, and no config paths beyond the PhoenixClaw config (~/.phoenixclaw/config.yaml) and its own ledger dir under the user's home. Requested access (moments, user_config, memory) is proportional to passive expense detection.
Persistence & Privilege
The skill writes structured data and rendered markdown into the user's home (~/PhoenixClaw/Finance/, journal files) and integrates with the Core cron pipeline. always:false and no autonomous-enablement flags reduce risk. Users should be aware it will store potentially sensitive financial and screenshot image data locally.
Assessment
This skill appears internally consistent for passive expense tracking, but it handles sensitive data (transaction amounts, merchants, and payment screenshots). Before installing: 1) Inspect references/payment-screenshot.md to confirm whether OCR is performed locally or via a remote service (remote OCR would send images off-device). 2) Decide whether you want PhoenixClaw to passively scan conversations and screenshots — if not, keep the plugin disabled by default and only enable on explicit user request. 3) Confirm where receipts/images are stored (the skill notes assets paths and ~/PhoenixClaw/Finance/) and consider encrypting or restricting filesystem access to those folders. 4) Review and, if needed, tighten configuration (e.g., screenshot_confidence threshold, data retention, masking rules). If you want broader assurance, request the Core/agent policy that governs what moments are made available to plugins and whether PhoenixClaw runs fully locally or contacts external services.Like a lobster shell, security has layers — review code before you run it.
latestvk978evhhdsthbdqcawtaak1kmh80empg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.