Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Expense Report Pro
v1.0.3No more shoebox full of crumpled receipts at the end of the month. Snap a photo of any receipt — blurry, crumpled, foreign currency, handwritten tip — and Op...
⭐ 0· 69·0 current·0 all-time
by@nollio
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name/description (receipt scanning, categorization, PDF reports) matches the included files: vision guidance in SKILL.md, category defaults, report HTML template, and a Python/Bash pair to render HTML→PDF. There are no unrelated credentials, binaries, or configuration requests.
Instruction Scope
SKILL.md instructs reading/writing only within an expenses/ directory, using the image/vision tool for receipts, and running the provided PDF-generation script. It explicitly warns about prompt-injection and treats extracted receipt text as data. The file paths and actions described (saving receipts, appending expense-log.json, running the renderer) are within the stated scope.
Install Mechanism
This is instruction-only (no automated install). The Python script documents dependencies (playwright and browser install). That is reasonable for PDF rendering but requires the user to install Playwright, which will download browser binaries (Chromium). No opaque network download URLs or extract/install steps bundled with the skill itself.
Credentials
The skill declares no required env vars, no credentials, and the files do not embed secrets or remote endpoints. Dashboard advisories mention optional external services (e.g., Supabase) but no credentials are required by the packaged skill.
Persistence & Privilege
always:false (default), the skill does not request persistent platform privileges or modify other skills. Setup steps create an expenses/ directory and copy default categories into it — expected for a local data store.
Scan Findings in Context
[prompt-injection-ignore-previous-instructions] expected: The SKILL.md contains explicit prompt-injection defense text (including the phrase 'Ignore previous instructions') and instructs the agent to treat receipt text as data. The pattern detector flagged the phrase but this is an intentional and appropriate defense.
Assessment
This package appears internally consistent with an on-device expense tracker. Before installing, consider: 1) Playwright must be installed separately and will download browser binaries (Chromium) — verify you want that dependency. 2) The scripts write temporary HTML to /tmp and require read/write access to an expenses/ directory; the Python script validates output paths and escapes HTML, but you should run it under the user account that owns the expenses data. 3) SKILL.md and SETUP-PROMPT instruct secure permissions (chmod 700/600) and filename sanitization — follow those instructions to reduce risk. 4) If you later connect the dashboard to remote services (Supabase/S3), you'll need to supply credentials then — review and restrict those before providing them. 5) As with any third-party skill, inspect and (optionally) run the scripts in a sandbox or isolated environment first to confirm behavior. Overall, nothing in the package indicates unexplained exfiltration or mismatched permissions.SKILL.md:45
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.Like a lobster shell, security has layers — review code before you run it.
latestvk9768wdnpv7ns0pemz86c551a983y5g8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.