DailyExpenseTracker
ReviewAudited by ClawScan on May 10, 2026.
Overview
This instruction-only expense tracker integration is purpose-aligned, but it uses an account API token and can create transaction records, so users should review changes before allowing them.
Use this skill only if you trust DailyExpenseTracker and are comfortable configuring its API token. Before allowing it to record anything, verify the amount, date, wallet, category, and transaction type, especially because it has a default wallet and only explicitly requires confirmation for amounts over ₹5000.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An incorrect API call could add an unwanted expense, income, or transfer entry and affect reported balances.
The skill can create transaction records through the provider API. This matches the expense-tracking purpose, but it can still change a user's financial ledger if invoked incorrectly.
curl -X POST "https://dailyexpensetracker.in/api/transactions" ... "amount": 100 ... "type": "expense"
Require clear user intent before creating transactions, and confirm wallet, category, amount, date, and type before submitting.
Anyone or anything with this token may be able to read or modify the user's expense-tracking data depending on the token's privileges.
The integration requires a bearer token that grants access to the user's DailyExpenseTracker account. This is expected for the API integration, though the registry metadata does not declare a primary credential.
**Token:** Set in `skills.entries.det.apiToken` in openclaw.json **Auth Header:** `Authorization: Bearer <token>`
Store the token securely, use the least-privileged token available, and revoke or rotate it if the skill is removed or no longer trusted.
Cached wallet identifiers could be reused later and may cause transactions to be assigned to the wrong wallet if the cache becomes stale.
The skill instructs the agent to persist wallet IDs locally. This is limited and useful for the integration, but cache scope and retention are not specified.
Fetch wallets dynamically via `/api/wallets` endpoint. Cache wallet IDs locally after first fetch.
Refresh wallet IDs when needed and provide a way to clear or update any local cache.