Smart Expense Tracker Cn

What to consider before installing: - Clarify the binary requirements: SKILL.md lists jq and tesseract (reasonable for OCR + JSON), but the registry metadata you provided lists none — ask the publisher to confirm required binaries and versions. - Ask for the skill source or a repository / homepage. Unknown source increases risk. - Ask the author to provide a plain-text SKILL.md with control characters removed and to explain why unicode control characters were present. Use a hex or control-character viewer to inspect the file yourself. - Confirm how external integrations work: the doc mentions emailing reports, QQ/WeChat bots, and an API for enterprise — request details about endpoints, where images/receipts are uploaded, and what credentials are needed. Do not supply email/QQ/API credentials until you understand the data flow and storage policies. - Request a privacy/security statement: where user data (images, receipts) is stored, whether OCR is performed locally (tesseract) or sent to remote services, retention policy, and whether data is shared with third parties. - If you plan to test it, run it in a restricted sandbox account without real personal or financial data and without privileged credentials. - If the publisher cannot explain the control characters or provide transparent integration details, avoid installing or granting credentials. In summary: the skill's declared capabilities are plausible, but the hidden-control-character finding, metadata mismatch, and vagueness about external connectors are red flags — get clarification and the source code before trusting it with real data or credentials.