Expense Report Pro

Review

Audited by ClawScan on May 10, 2026.

Overview

Expense Report Pro mostly fits its stated expense-tracking purpose, but its setup can overwrite existing expense files and its privacy/security claims are stronger than the artifacts support.

Before installing, back up or inspect any existing expenses/ directory and do not let setup overwrite files blindly. Verify how your agent, chat platform, vision model, and search provider handle receipt data, and install Playwright dependencies only from trusted sources.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If setup is run in a workspace that already has an expenses directory, existing financial records or custom rules could be overwritten.

Why it was flagged

The setup flow writes over expense-log.json and config.json, and copies categories.md, without checking whether those files already exist or asking for backup/confirmation.

Skill content

echo '[]' > expenses/expense-log.json ... cat << 'EOF' > expenses/config.json ... cp skills/expense-report-pro/config/default-categories.md expenses/categories.md

Recommendation

Back up any existing expenses directory first, and change setup to initialize files only when missing or after explicit user confirmation.

What this means

Users may send financial receipts or expense details under an overconfident privacy assumption, without checking how their chat, vision, model, or search providers handle the data.

Why it was flagged

The skill handles sensitive receipts but combines external chat/agent usage with very strong privacy and verification claims that the included artifacts do not substantiate.

Skill content

"100% private" ... "Text or DM your agent the receipt in Telegram, Discord, Slack, etc." ... "Everything stays on your machine" ... "Codex Security Verified"

Recommendation

Treat the privacy badge and local-only claims as unverified; confirm your OpenClaw deployment and any chat/vision/search providers before processing sensitive receipts.

What this means

Anyone with access to the workspace, backups, or synced files could read expense history and receipt images; local category/config files may also influence future categorization.

Why it was flagged

The skill persistently stores and reuses local financial records and receipt images, which is expected for expense tracking but sensitive.

Skill content

`expenses/expense-log.json` - The main database of all expenses. `expenses/receipts/` - Directory containing saved receipt images.

Recommendation

Keep the expenses directory private or encrypted, avoid storing full card numbers, and review local expense/config/category files before relying on reports.

What this means

Report generation may require installing external packages that are not declared in the registry requirements.

Why it was flagged

The package metadata says there is no install spec, but the PDF generation path depends on Playwright and a Chromium browser install.

Skill content

Dependencies: pip install playwright && playwright install chromium

Recommendation

Install Playwright/Chromium only from trusted sources and review dependency installation steps before running report generation.