ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Cfo

v1.0.0

Full AI Chief Financial Officer — connects Mercury Banking + Stripe into real-time business intelligence. Daily cash position, automated P&L, revenue trackin...

0· 749·3 current·3 all-time
by@aiwithabidi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Functionality (Mercury + Stripe + OpenRouter for categorization, local SQLite storage, cron automation) matches the 'AI CFO' description. However the registry metadata reported 'Required env vars: none' while the SKILL.md and both scripts clearly require MERCURY_API_TOKEN (or MERCURY_API_KEY), STRIPE_API_KEY and OPENROUTER_API_KEY. This metadata mismatch is an incoherence that could lead to missing security review or surprise prompts for credentials at runtime.
Instruction Scope
Runtime instructions and code are scoped to fetching data from Mercury and Stripe, calling openrouter.ai for categorization, storing results in .data/sqlite/cfo.db, and optionally running daily cron jobs. Nothing in SKILL.md or the code instructs reading unrelated system files. One caution: ai_cfo.py attempts to import a Langfuse tracing helper from ../../../tools/lf_trace if present — if that helper exists in the environment it will be used to trace API/LLM calls (potential telemetry).
Install Mechanism
No install spec is provided (instruction-only plus included Python scripts). There are no downloads or archive extraction steps in the package, so nothing arbitrary is fetched during install.
Credentials
The requested credentials (Mercury banking token, Stripe API key, OpenRouter API key) are proportionate to the stated functionality. The skill documents that Stripe/Mercury keys should be read-only/restricted. The inconsistency is that the registry metadata omitted these requirements even though the code enforces them (STRIPE and OPENROUTER are required via _env() in ai_cfo.py; Mercury token is required or falls back to alternative names).
Persistence & Privilege
The skill is not marked always:true and does not attempt to change other skills or system-wide agent settings. It persists data in a local SQLite DB at .data/sqlite/cfo.db (within the skill directory), and cron use is only suggested in documentation (user-driven).
What to consider before installing
Before installing: 1) Confirm the registry metadata omission — expect to provide MERCURY_API_TOKEN (or MERCURY_API_KEY), STRIPE_API_KEY, and OPENROUTER_API_KEY; only supply read-only / restricted Stripe and Mercury keys. 2) Review and control where the skill runs: it writes a local DB at .data/sqlite/cfo.db — store that in a directory with appropriate permissions and backups. 3) Consider running the skill in an isolated/staging environment first and restrict network access as needed. 4) Note the scripts call openrouter.ai (LLM) and will send transaction text there for categorization — if that contains sensitive customer data you may need to redact or avoid using the OpenRouter step. 5) The code will attempt to import a local Langfuse tracing helper if present (../../../tools/lf_trace) which could emit telemetry if your environment provides it — ensure you know whether such tooling exists and what it reports. 6) If you proceed, use least-privilege API keys, whitelist IPs on Mercury if possible, and rotate keys after testing.

Like a lobster shell, security has layers — review code before you run it.

latestvk979qv9wt663r4p077ba0k76ms8180he

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments