Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ledger Project Expense Entry

v1.0.0

Record natural-language project expense messages into ledger JSONL. Use when the user sends "project + expense" directly (e.g., "OpenClaw 服务器 89"), wants quick bookkeeping, or asks to...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description (append natural-language project expense messages into ledger JSONL) align with the SKILL.md actions (parse fields, pick date, write via an add_ledger_entry.py script). However the skill assumes existence of a specific repository layout (projects/data, projects/docs/CATEGORY_CATALOG.md, projects/scripts/add_ledger_entry.py) without declaring or bundling those files — reasonable for a repo-specific assistant, but unexpected in a generic skill.
Instruction Scope
The run instructions tell the agent to obtain the local date, read a local category catalog, and execute a local Python script to append data. That means the agent will access and modify files on disk and execute arbitrary code present at projects/scripts/add_ledger_entry.py. While these actions are coherent with 'append ledger entries', they grant filesystem and code-execution scope beyond purely conversational behavior and could be risky if the referenced files or script are untrusted or absent.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled code — nothing will be downloaded or installed by the skill itself. That lowers supply-chain risk, but it also means the correctness/safety of runtime behavior depends entirely on local files and scripts.
Credentials
The skill requests no environment variables, credentials, or external config paths. The only required resources are local repository paths referenced in the instructions; these are proportionate to the described bookkeeping task but should be present and trusted.
Persistence & Privilege
always is false (normal). disable-model-invocation is false (agent may invoke autonomously). Autonomous invocation combined with file-write + script-execution instructions increases the blast radius if the agent is allowed to act without user confirmation. This is not automatically disallowed, but it's a meaningful consideration for safety.
What to consider before installing
This skill will try to read projects/docs/CATEGORY_CATALOG.md and run projects/scripts/add_ledger_entry.py on your system — those files are not provided by the skill. Before enabling or using it: 1) confirm those paths exist in the target workspace and inspect the Python script to ensure it is safe and does only what you expect; 2) back up your ledger files or test in a copy; 3) prefer requiring user confirmation for each write (disable autonomous invocation if you want manual oversight); 4) if you do not have the repo structure, don’t enable the skill or modify the instructions to target a safe, reviewed tool. If you want, provide the add_ledger_entry.py and CATEGORY_CATALOG.md here (or point to a trusted repo) so I can evaluate them too.

