Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
TCS Expense Claim Processor
v1.0.0
End-to-end business travel expense claim processor. Use this skill whenever a user uploads receipts, bills, invoices, or screenshots of expenses and wants to...
by Arun Prasad (@insanelyqurious)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The description (end-to-end expense claim processing) aligns with the two included scripts (PDF merging and XLSX generation) and the TCS category docs. However, the SKILL.md requires visual extraction/OCR and automatic classification of receipts (Phase 1 & 2), yet there is no code provided to perform OCR or automated parsing — the included scripts only consume pre-structured JSON manifests. This gap means the skill as packaged is not fully implementing its claimed end-to-end capability.
Instruction Scope
The runtime instructions tell the agent to list and read files in /mnt/user-data/uploads/ and to 'read visually' to extract invoice data. They also reference script paths like scripts/build_pdfs.py and scripts/build_xlsx.py and documents at /mnt/skills/public/pdf/SKILL.md and /mnt/skills/public/xlsx/SKILL.md. In the package, the actual script files are build_pdfs.py and build_xlsx.py at the repository root (no scripts/ directory) and the referenced public SKILL.md/xlsx files are not present. These path mismatches and the broad 'read visually' instruction (which implies OCR/vision capabilities) are inconsistencies that could cause runtime errors or unexpected agent behavior.
Install Mechanism
There is no install spec (instruction-only), which minimizes install-time risk. The Python scripts require third-party packages (openpyxl, pypdf, img2pdf, Pillow), but the skill neither declares these dependencies nor provides an install step; SKILL.md only prints pip install hints. This is a modest operational risk (missing dependencies at runtime), but not by itself a red flag for execution of untrusted code.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The files and outputs are constrained to /mnt/user-data/uploads/ and /mnt/user-data/outputs/, which fits the stated purpose of processing user-uploaded receipts.
Persistence & Privilege
The skill does not request always:true and is user-invocable only; it does not request elevated or persistent privileges. Autonomous invocation is allowed by default but is not combined here with broad credential access or other concerning privileges.
What to consider before installing
This skill appears to be a plausible receipt-packaging helper, but it is incomplete and inconsistent in important ways. Before installing or using it:
- Confirm the source/author (no homepage provided) — avoid running unknown scripts on sensitive data.
- Verify where the scripts actually live and update SKILL.md references (SKILL.md expects scripts/ but files are at repo root).
- Note that there is no OCR/parsing implementation included: you or the agent must produce the structured JSON manifests (expenses.json / bills_manifest.json) that the included scripts consume. If you expect the skill to extract text from images automatically, it does not do that as packaged.
- Ensure required Python packages (openpyxl, pypdf, img2pdf, Pillow) are available in the runtime; the skill suggests pip hints but doesn't install them.
- The code itself has no network endpoints or secret access, but SKILL.md suggests fetching live FX rates 'if web search is available' — clarify whether that will cause network calls in your environment and whether you are comfortable with that.
- Test on non-sensitive sample receipts first to validate file paths, manifests, and outputs.
If you need true end-to-end automated OCR and classification, request or implement an OCR/parsing component and fix the path mismatches before trusting this skill with real expense data.
Tags: currency, expense, finance, latest, pdf, receipts, reimbursement, tcs, travel, xlsx
