Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ach Volume Estimator

v1.0.0

Estimate Dwolla's end-of-month ACH transaction volume from daily KPI emails. Use when processing ACH KPI emails, when Dave asks about monthly volume projecti...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for daveglaser0823/ach-volume-estimator.

Install the skill "Ach Volume Estimator" (daveglaser0823/ach-volume-estimator) from ClawHub.
Skill page: https://clawhub.ai/daveglaser0823/ach-volume-estimator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI


openclaw skills install ach-volume-estimator

ClawHub CLI


npx clawhub@latest install ach-volume-estimator

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

[!] Purpose & Capability
Name/description describe an ACH volume estimator and the included Python forecasting/revenue scripts are consistent with that. However, the SKILL.md explicitly instructs use of a Gmail CLI against glaser.dave@gmail.com, reading/writing files under ~/clawd, and invoking a local dashboard generator and internal IP (192.168.1.60). The manifest declares no required env vars, binaries, or install steps; that is inconsistent with what the skill actually requires to run.

[!] Instruction Scope
Runtime instructions tell the agent to fetch an email (specific account), download a PDF attachment, extract numbers, run local Python scripts, and publish to a local dashboard. These steps read and write files in the user's home (~/clawd/work, revenue_calibration.json), rely on an external Gmail CLI ('gog gmail') and a local dashboard service, and would require credentials/config already present. The instructions do not request or document those credentials or tools.

[!] Install Mechanism
No install spec is provided (instruction-only), yet the package includes multiple Python scripts and the SKILL.md expects them to exist at specific paths (~/clawd/skills/ach-volume-estimator/scripts/ and ~/clawd/scripts/ach-dashboard-gen). This is an incoherence: either the skill must install those files or the instructions should not assume they are present. Lack of an install step means a user could be misled about how these files arrive on disk.

[!] Credentials
The skill does not declare any required environment variables or credentials, but the workflow needs access to a Gmail account (glaser.dave@gmail.com) via a CLI (implying OAuth tokens or local config), and reads/writes sensitive local files (~/clawd/work/*, revenue_calibration.json). It also references an internal IP dashboard. Requesting none of these in the manifest is disproportionate and obscures the actual privileges needed.

Persistence & Privilege
The skill is not marked always:true and does not request system-wide configuration changes. It will run Python scripts and read/write files in the user's ~/clawd area, which is expected for this tool. Note: the skill can be invoked autonomously (platform default); combined with the undeclared credential/file access above, that increases risk and should be considered by the user.

What to consider before installing

This skill appears to implement what its name says, but the SKILL.md and included scripts assume access to resources that are not declared in the manifest: a specific Gmail account (via a 'gog gmail' CLI), local files under ~/clawd (including revenue_calibration.json and the dashboard HTML), and a local dashboard service at 192.168.1.60. Before installing or enabling this skill:

  1) verify you trust the skill author and inspect the provided scripts locally (they are included) to confirm there is no hidden exfiltration;
  2) be aware you must already have a Gmail CLI configured (or provide credentials); do not use your primary account; use a least-privileged account or service account;
  3) ensure you understand where files will be read/written (~/clawd) and that calibration files may contain sensitive financial data;
  4) because there is no install step declared, confirm how/where the scripts will be installed and that they run in a controlled environment (VM/container) if you are unsure;
  5) if you plan to allow autonomous invocation, consider restricting it until you confirm the skill's behavior and necessary credentials.

If any of the above is unexpected, treat the skill as not ready for production use.
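
The mismatch the scan describes can be checked mechanically before install. The following is an added example, not part of the skill or of the ClawHub scanner: it pulls the binaries, account, home paths and private hosts out of the workflow's command lines and compares them with a manifest. The manifest field names are hypothetical and the SKILL.md excerpt is constructed from the commands on this page.

```python
import ipaddress
import re

# Constructed excerpt of the SKILL.md workflow commands shown on this page.
SKILL_MD = """\
gog gmail messages search "subject:ACH KPIs" --account glaser.dave@gmail.com --max 1 --json
gog gmail attachment <MESSAGE_ID> <ATTACHMENT_ID> --account glaser.dave@gmail.com --out ~/clawd/work/ach-kpis-latest.pdf
python3 ~/clawd/skills/ach-volume-estimator/scripts/estimate.py --per-bd <RATE>
~/clawd/scripts/ach-dashboard-gen
View at: http://192.168.1.60:3013/html/work/ach-reports/dashboard.html
"""

# Hypothetical manifest shape (field names are assumptions); nothing is declared.
MANIFEST = {"required_bins": [], "required_env": [], "install": None}

def is_private(host):
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:  # e.g. 999.1.1.1 is not an address
        return False

def implied_requirements(text):
    """Collect the resources the instructions rely on, grouped by kind."""
    need = {"bins": set(), "accounts": set(), "home_paths": set(), "private_hosts": set()}
    for line in text.splitlines():
        tokens = line.split()
        # A command line starts with a bare lowercase executable name.
        if tokens and re.fullmatch(r"[a-z][a-z0-9_-]*", tokens[0]):
            need["bins"].add(tokens[0])
        need["accounts"].update(re.findall(r"--account\s+(\S+@\S+)", line))
        need["home_paths"].update(re.findall(r"~/[\w./-]+", line))
        hosts = re.findall(r"https?://(\d{1,3}(?:\.\d{1,3}){3})", line)
        need["private_hosts"].update(h for h in hosts if is_private(h))
    return need

def undeclared(text, manifest):
    """List what the text needs that the manifest never declares."""
    need = implied_requirements(text)
    out = [f"undeclared binary: {b}"
           for b in sorted(need["bins"] - set(manifest["required_bins"]))]
    if need["accounts"] and not manifest["required_env"]:
        out.append("account used without declared credentials: "
                   + ", ".join(sorted(need["accounts"])))
    if need["home_paths"] and not manifest["install"]:
        out.append(f"{len(need['home_paths'])} home paths assumed, no install step")
    out += [f"internal host referenced: {h}" for h in sorted(need["private_hosts"])]
    return out
```

Feed it only the command lines of a SKILL.md; prose lines that begin with a lowercase word would be counted as binaries by this heuristic.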

Like a lobster shell, security has layers — review code before you run it.

latest vk9707qd423rsrfwdxwydhdesvn84hpzg
94 downloads
0 stars
1 version
Updated 2w ago
v1.0.0
MIT-0

ACH Monthly Volume Estimator

Workflow

  1. Fetch the ACH KPI email:

    gog gmail messages search "subject:ACH KPIs" --account glaser.dave@gmail.com --max 1 --json
    
  2. Download the PDF attachment (contains all charts and data):

    # Get message details with attachment IDs
    gog gmail get <MESSAGE_ID> --account glaser.dave@gmail.com --json
    # Find the attachment named "ACH KPIs.pdf" (mimeType: application/pdf)
    # Download it:
    gog gmail attachment <MESSAGE_ID> <ATTACHMENT_ID> --account glaser.dave@gmail.com --out ~/clawd/work/ach-kpis-latest.pdf
    
  3. Extract data from the PDF. The PDF contains Tableau dashboard exports with:

    • ACH Transactions chart: MoM bar chart with monthly totals, per-BD averages, 5/20/60-day comparisons
    • Client Growth charts (10K and 5K thresholds)
    • Top 60 Clients tables (60-day and 20-day comparisons)

    Key numbers to extract:

    • Current month transaction total (partial, from MoM bar chart)
    • Business days elapsed (derive from date range in "Prev. 20 Days" row or count from month start to report date)
    • YTD avg transactions per business day
    • SPLY monthly total for comparison
  4. Run the estimator:

    python3 ~/clawd/skills/ach-volume-estimator/scripts/estimate.py \
      --transactions <MTD_TOTAL> --bds-elapsed <BDS_SO_FAR> [--month YYYY-MM]
    

    Or if you already have per-BD rate:

    python3 ~/clawd/skills/ach-volume-estimator/scripts/estimate.py \
      --per-bd <RATE> [--month YYYY-MM]
    

    Add --json for structured output.

  5. Compare to benchmarks:

    • Jan 2026 actual: 6.12M (20 BDs, 305K/BD)
    • Dec 2025 actual: 6.41M (22 BDs, 291K/BD)
    • SPLY from the PDF MoM chart
  6. Generate the visual dashboard:

    ~/clawd/scripts/ach-dashboard-gen
    

    This reads ~/clawd/work/ach-reports/latest-ach-data.json (or falls back to the latest markdown report) and writes ~/clawd/work/ach-reports/dashboard.html.

    View at: http://192.168.1.60:3013/html/work/ach-reports/dashboard.html
    TV mode: http://192.168.1.60:3013/html/work/ach-reports/dashboard.html?tv=1

  7. Deliver: Include estimate in the ACH KPI summary sent to Dave. Include the dashboard URL.

Output Format

One-liner: 2026-02 estimate: 5.81M txns | (19 BDs, 12 elapsed, 7 remaining) | 306,000/BD | (3,672,000 so far)

Business Day Calendar

The script uses the US Federal Reserve bank holiday calendar (2025-2027, hardcoded). It excludes weekends and all Fed holidays (New Year's, MLK, Presidents' Day, Memorial Day, Juneteenth, Independence Day, Labor Day, Columbus Day, Veterans Day, Thanksgiving, Christmas).
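
The business-day count and projection can be reproduced independently when reviewing the skill's output. This is an added example, not the skill's estimate.py: it assumes a simple run-rate projection (month-to-date rate times total business days), which matches the one-liner's figures, and it embeds only the Fed holidays for the three months quoted on this page.

```python
from datetime import date, timedelta

# Subset of Federal Reserve holidays covering the months quoted on this page
# (constructed for the example; the skill's script hardcodes 2025-2027).
FED_HOLIDAYS = {
    date(2025, 12, 25),  # Christmas Day
    date(2026, 1, 1),    # New Year's Day
    date(2026, 1, 19),   # Martin Luther King Jr. Day
    date(2026, 2, 16),   # Presidents' Day
}

def business_days(year, month):
    """Weekdays in the month that are not Fed holidays."""
    d = date(year, month, 1)
    days = []
    while d.month == month:
        if d.weekday() < 5 and d not in FED_HOLIDAYS:
            days.append(d)
        d += timedelta(days=1)
    return days

def estimate(year, month, mtd_total, bds_elapsed):
    """Project the month-end total from the month-to-date run rate."""
    total_bds = len(business_days(year, month))
    if not 0 < bds_elapsed <= total_bds:
        raise ValueError(f"bds_elapsed must be in 1..{total_bds}")
    per_bd = mtd_total / bds_elapsed
    return {
        "total_bds": total_bds,
        "remaining": total_bds - bds_elapsed,
        "per_bd": round(per_bd),
        "projected": round(per_bd * total_bds),
    }

def one_liner(year, month, mtd_total, bds_elapsed):
    """Format the estimate in the page's Output Format."""
    e = estimate(year, month, mtd_total, bds_elapsed)
    return (f"{year}-{month:02d} estimate: {e['projected'] / 1e6:.2f}M txns | "
            f"({e['total_bds']} BDs, {bds_elapsed} elapsed, {e['remaining']} remaining) | "
            f"{e['per_bd']:,}/BD | ({mtd_total:,} so far)")
```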

Integration

Wire into the existing "Daily ACH KPIs summary to Dave" cron (9:30 AM ET weekdays). After extracting email data, run the estimator and append the monthly projection to Dave's summary.
