Tyche — Invoice & Payment Tracker

Advisory

Audited by Static analysis on May 9, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing this way could affect system Python packages or pull a future version of the dependency that was not reviewed with the skill.

Why it was flagged

The setup step installs an unpinned third-party package and uses '--break-system-packages', which can modify the user's Python environment beyond a project-local scope.

Skill content

pip3 install rich --break-system-packages --quiet

Recommendation

Prefer installing dependencies in a virtual environment and pinning a known package version, for example 'python3 -m venv .venv' followed by a pinned 'pip install rich==<version>'.

What this means

Invoice files and payment instructions may expose customer lists, outstanding balances, or bank/payment details in generated output.

Why it was flagged

The skill processes client contact details, invoice amounts/statuses, and optional payment instructions; this is expected for invoicing but is still sensitive business data.

Skill content

client_name,client_email,description,amount,due_date,status ... PAYMENT_METHOD ... 'Bank transfer to: BSB 123-456 Account 7890'

Recommendation

Use only invoice CSVs you intend the agent/local script to process, avoid including unnecessary sensitive fields, and review generated invoice/reminder text before sharing it.