Tyche Pro
AdvisoryAudited by Static analysis on May 11, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user or agent copies and runs this block, they may execute malformed or hidden behavior that cannot be confidently reviewed from the visible artifact.
This appears inside the main Python code block for the invoice dashboard, but the content becomes non-printable/garbled instead of clear Python logic. That makes the executable behavior hard to inspect and is not explained by the invoicing purpose.
try:\n TAX_RATE = float(os.environ.get("TAX_RATE", "0"))\n LATE_FEE_RATE \u000fH\u0019... \u001b... \b...Do not run the inline Python until the publisher provides a clean, readable, complete source file without control characters and with reviewable invoice-processing logic.
Running this command could alter the local Python environment and install whatever Rich version is current at the time.
The skill documents an unpinned PyPI install and uses --break-system-packages, which can bypass Python environment protections. Installing Rich is purpose-aligned for console formatting, but the installation scope is broader than necessary.
pip3 install rich --break-system-packages --quiet
Install dependencies in a virtual environment and prefer a pinned package version; avoid --break-system-packages unless you understand and accept the system-level impact.
The skill will handle sensitive business billing data and a paid-license credential.
The skill requires a license key and is designed to read invoice data with customer emails and payment amounts. This is expected for a paid invoicing tool, and the visible code shows local hash checking rather than transmission.
requires:\n env: [LICENSE_KEY] ... INVOICES_FILE ... Columns: client_name, client_email, description, amount, due_date, status
Use a dedicated invoice CSV with only the records needed, keep the license key private, and verify the full readable code before processing real customer data.