Tyche — Invoice & Payment Tracker
Pass
Audited by VirusTotal on May 9, 2026.
Overview
Type: OpenClaw Skill
Name: tyche
Version: 1.0.1
The 'tyche' skill is a legitimate invoicing and payment tracking tool that operates locally. The Python code in SKILL.md processes a user-provided CSV file to calculate totals, taxes, and late fees, displaying the results via the 'rich' library and saving a report to a markdown file. No evidence of data exfiltration, unauthorized network access, or malicious intent was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing this way could affect system Python packages or pull a future version of the dependency that was not reviewed with the skill.
The setup step installs an unpinned third-party package and uses '--break-system-packages', which can modify the user's Python environment beyond a project-local scope.
pip3 install rich --break-system-packages --quiet
Prefer installing dependencies in a virtual environment and pinning a known package version, for example 'python3 -m venv .venv' followed by a pinned 'pip install rich==<version>'.
Invoice files and payment instructions may expose customer lists, outstanding balances, or bank/payment details in generated output.
The skill processes client contact details, invoice amounts/statuses, and optional payment instructions; this is expected for invoicing but is still sensitive business data.
client_name,client_email,description,amount,due_date,status ... PAYMENT_METHOD ... 'Bank transfer to: BSB 123-456 Account 7890'
Use only invoice CSVs you intend the agent/local script to process, avoid including unnecessary sensitive fields, and review generated invoice/reminder text before sharing it.
