Skill v1.0.1

ClawScan security

DailyExpenseTracker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 21, 2026, 11:52 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's purpose (expense tracking) is plausible, but the runtime instructions reference an API token and local caching without declaring the required env/config settings or where data is stored, producing incoherence that warrants caution.
Guidance
Before installing or enabling this skill, confirm where the API token will be stored and how it will be read (openclaw.json vs environment variable). Ask the author to: (1) declare required config paths or environment variables in the skill metadata, (2) clarify caching behavior (exact file/path, retention, and access permissions), and (3) provide guidance on token scoping (use a least-privilege token). Do not provide high-privilege credentials until you verify storage is secure and the token is limited to only the actions this skill needs (create/read transactions, list wallets). If you cannot get clear answers or the skill insists on storing secrets in an obvious plaintext location, treat it as untrusted.
Findings
[no-findings] expected: The regex scanner reported no findings. This is expected because the skill is instruction-only (no code files) so there was nothing for the static scanner to analyze. The SKILL.md itself contains the runtime behavior to evaluate.

Review Dimensions

Purpose & Capability
[concern] Name and description match an expense-tracking integration and the SKILL.md contains reasonable API endpoints (transactions, wallets, categories). However, the SKILL.md expects an API token and refers to storing it under skills.entries.det.apiToken in openclaw.json, yet the skill metadata declares no required env vars or config paths. That mismatch (declared requirements: none vs instructions: require token/config) is an incoherence.
Instruction Scope
[concern] Instructions tell the agent to call the DET API with a Bearer token, cache wallet IDs locally after first fetch, and use a default wallet ID if unspecified. The doc also uses an environment variable ($DET_TOKEN) in curl examples while separately saying the token should be set in openclaw.json. The SKILL.md therefore references agent config, environment variables, and local caching without specifying where or how data is persisted or how secrets are read, granting broad discretion and creating ambiguity about what the agent will read/write at runtime.
Install Mechanism
[ok] No install spec and no code files (instruction-only). That minimizes installation risk because nothing is downloaded or written by a provided installer. Risk arises from the runtime instructions rather than an install step.
Credentials
[concern] The skill clearly needs an API token to call the service, but the registry metadata lists no required env vars or config paths. The SKILL.md contradicts itself by referencing both skills.entries.det.apiToken (openclaw.json) and $DET_TOKEN. This inconsistency makes it unclear which credential is required and where it will be stored or read from, raising confidentiality and least-privilege concerns.
Persistence & Privilege
[note] always:false (no forced persistence), which is appropriate. However, the instructions explicitly state 'Cache wallet IDs locally after first fetch' without specifying storage location, retention, or access controls. That implies the skill will persist data on the agent (or in its config) and should be clarified before use.