nanyuu

This skill largely does what it claims (fetch Gmail receipts via the gog CLI, send raw email JSON to a local OpenClaw Gateway for extraction, store results locally, and export anonymized CSV). Before installing or running it, consider the following: - Provenance mismatch: the registry metadata (name/slug/owner/version) does not match the SKILL.md and _meta.json inside the package. Ask the publisher to clarify why, and prefer only skills whose package metadata matches the registry. - Local config access: the code will read ~/.openclaw/openclaw.json as a fallback for the Gateway token but the skill did not declare this config path. If that file contains other secrets, verify what it holds before proceeding. - Gmail access: the skill requires the gog CLI to be authenticated to your Gmail account. That gives the skill access to emails; run the gog commands yourself to confirm account(s) and inspect the gog auth configuration before granting access. - User confirmation: the SKILL.md instructs the agent to ask for explicit user consent before sending raw receipt JSON/HTML to the Gateway. The bundled scripts do not enforce interactive confirmation — ensure the agent will prompt you and do not run the extraction scripts unattended unless you have reviewed the data flow. - Local-only guarantee: the code enforces that the Gateway URL resolves to localhost/127.0.0.1/::1. Verify your OPENCLAW_GATEWAY_URL and OPENCLAW_GATEWAY_TOKEN are set correctly and that the Gateway is indeed local. If you do not trust the publisher or cannot confirm the provenance discrepancy, run the provided Python scripts manually (inspect them first), and avoid giving the agent direct autonomous permission to run them. If you proceed, back up/remove any sensitive files (emails.json) when finished.