ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

支出预警管控虾

v1.0.0

支出预警管控虾 — 实时监控预算执行,发现超支或异常消费时自动报红。 当以下情况时使用此 Skill: (1) 需要校验某笔支出申请是否超出预算 (2) 需要批量核对支出流水与预算配置 (3) 需要生成预算执行报告(各部门/项目使用率) (4) 需要检测异常消费(金额异常、频次异常、类目异常) (5) 需要配置预...

0· 107·0 current·0 all-time
byRicky@tujinsama

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tujinsama/budget-alert-claw.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "支出预警管控虾" (tujinsama/budget-alert-claw) from ClawHub.
Skill page: https://clawhub.ai/tujinsama/budget-alert-claw
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install budget-alert-claw

ClawHub CLI

Package manager switcher

npx clawhub@latest install budget-alert-claw
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The stated purpose (real-time budget monitoring, anomaly detection, automatic Feishu push, Excel and natural-language input) broadly matches a budget-alert tool, but the shipped artifacts are a single CLI Python script that reads CSVs and prints results. SKILL.md/refs mention Excel parsing, pandas, a shell script (scripts/budget-check.sh) and NLP extraction; those are not implemented or present. This mismatch suggests the package does not fully implement the claimed capabilities.
!
Instruction Scope
SKILL.md instructs pushing notifications to Feishu using a `message` tool and describes extracting budget config from Excel or natural-language input. The provided script only reads CSVs, prints or writes CSV output, and contains no network/notification code or NLP. The instructions therefore give the agent broader operational scope than the code actually performs and are vague about required credentials for notifications.
Install Mechanism
No install spec (instruction-only with a small script). There is no downloader, no external packages forced by an installer. This is low install risk.
!
Credentials
No environment variables or credentials are declared, yet SKILL.md references sending Feishu messages (which would require API tokens) and collaboration with other 'claws' (which may imply other credentials). Also SKILL.md mentions pandas as a requirement but the Python script uses only stdlib. Missing declared credentials or env vars for notification/integration is a discrepancy and a potential hidden requirement.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills. It is a normal, non-persistent CLI-style tool.
What to consider before installing
This package appears to be a lightweight CSV-based budget checker rather than the full-featured real-time, Excel/NLP/pandas, Feishu-integrated system described in SKILL.md. Before installing or granting access: (1) Confirm whether you need Feishu/other messaging integration — the code does not implement network notifications and no API credentials are requested; do not assume notifications will be sent without verifying where tokens are stored. (2) Verify the expected input format: the script reads CSV with specific columns; Excel or free-text inputs mentioned in docs are not implemented. (3) Ask the publisher to reconcile SKILL.md and files (the docs reference scripts/budget-check.sh and pandas but the repo contains budget-check.py using only stdlib). (4) If you plan to run the script on real budget data, run it in a sandbox first and inspect runtime behavior for any network activity. (5) If you need the claimed notification/NLP features, request an updated release that documents required environment variables, external endpoints, and any third-party dependencies; otherwise treat this as a simple offline CSV checker. Additional info that would change the assessment: presence of a network/notification implementation with declared env vars (benign if declared and reasonable), or an updated SKILL.md that accurately describes the code (reduces concern).

Like a lobster shell, security has layers — review code before you run it.

latestvk973ms8bz5mhc9mrtja177d6cn8573k7
107downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
Ricky@tujinsama
latest
Download

支出预警管控虾 (budget-alert-claw)

实时监控预算执行,每笔支出自动比对预算余额,临近预警线提前通知,超标立即拦截审批。

核心工作流

1. 加载预算规则

读取用户提供的预算配置(Excel/CSV 或自然语言描述),建立多维度规则库:

  • 维度:部门、项目、费用类别
  • 时间周期:月度/季度/年度
  • 预警阈值:默认 80%(黄灯)/ 100%(红灯),可自定义

2. 接收支出申请

提取关键字段:金额、归属维度(部门/项目)、费用类别、申请人、日期

自然语言输入示例:

  • "市场部申请 5 万广告费,3 月份"
  • "帮我看看研发部差旅费超了没"

3. 预算余额计算

可用余额 = 预算总额 - 已使用金额 - 待审批金额
使用率 = (已使用 + 本次申请) / 预算总额 × 100%

4. 分级预警判定

状态触发条件处理方式
🟢 绿灯使用率 < 80%自动通过
🟡 黄灯80% ≤ 使用率 < 100%通知负责人,允许通过
🔴 红灯使用率 ≥ 100%拦截,升级审批流程

5. 异常检测(并行执行)

  • 金额异常:超过该类别历史均值 3 倍
  • 频次异常:同一申请人短期内高频申请
  • 类目异常:费用类别与部门常规支出不符

6. 通知与记录

  • 通过飞书消息推送预警通知(使用 message 工具)
  • 记录预警日志,更新预算余额

输入格式

结构化输入(推荐)

预算配置表必填字段:部门/项目预算总额预警阈值时间周期 支出流水必填字段:金额归属维度费用类别申请人日期

自然语言输入

直接描述支出场景,从对话中提取关键字段。

输出格式

单笔校验结果

【预算校验结果】
申请:{部门} - {费用类别} - {金额}元
预算总额:{总额}元 | 已使用:{已用}元 | 可用余额:{余额}元
使用率:{使用率}% → {🟢/🟡/🔴} {状态说明}
处理建议:{自动通过 / 通知负责人 / 需升级审批}

批量校验结果

汇总表格 + 异常清单,可写入飞书多维表格。

预算执行报告

各维度使用率排行 + 预警项汇总 + 趋势分析。

参考文件

与其他虾的协作

  • bank-reconciliation-claw:对账差异可触发异常预警
  • auto-data-analysis-claw:预算执行数据进一步趋势分析
  • cross-platform-messenger-claw:多渠道推送预警通知

注意事项

  • 未配置预算的维度默认放行,建议设置兜底规则
  • 月度预算在月初自动重置,跨月申请注意时间归属
  • 预算调整需手动更新配置,暂不支持自动审批流
  • 不支持跨币种管控,需手动换算

Comments

Loading comments...