ClawHub

Claimback Radar

v1.0.3

Scans emails and bills to extract billing data, detect refund opportunities, subscription risks, and generate actionable savings recommendations.

0· 98·0 current·0 all-time
byJEP (Judgment Event Protocol)@schchit

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for schchit/claimback-radar.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Claimback Radar" (schchit/claimback-radar) from ClawHub.
Skill page: https://clawhub.ai/schchit/claimback-radar
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install claimback-radar

ClawHub CLI

Package manager switcher

npx clawhub@latest install claimback-radar
Security Scan
Capability signals
CryptoCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: code and prompts implement extraction + risk detection and produce action receipts. The skill legitimately needs access to the OpenAI API to perform its work. One minor metadata inconsistency: the package registry metadata at the top lists no required env vars, but both SKILL.md and the code require an OPENAI_API_KEY.
Instruction Scope
Runtime instructions and code stay within scope: they read an input JSON (user-provided text), load a system prompt, and send those messages to OpenAI. The SKILL.md and README explicitly state that user content is transmitted to OpenAI and warn about .env usage. There are no instructions to read unrelated system files, other credentials, or to transmit data to endpoints other than OpenAI.
Install Mechanism
No install script is provided (instruction-only at registry level) and the project lists standard Python dependencies (openai, python-dotenv) in pyproject/requirements — proportional to the task. There are no downloads from arbitrary URLs or extraction steps.
Credentials
The skill requires a single credential (OPENAI_API_KEY), which is appropriate for an OpenAI-backed text-processing skill. However, registry metadata omitted listing this required env var while SKILL.md and code both require it — the omission is an inconsistency to be aware of but not evidence of malice.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system settings. It operates only when invoked and uses no elevated or persistent privileges beyond calling the OpenAI API.
Assessment
Things to consider before installing: - You must provide an OPENAI_API_KEY (the code and SKILL.md require it). The registry metadata omission is likely an oversight — confirm you supply the key securely. - This skill sends the email/bill text you pass to OpenAI. Do not feed highly sensitive personal data or secrets unless you accept OpenAI's data handling and retention policies. - main.py will load a local .env if present and warns you; avoid storing real API keys in .env files that might be committed to source control. - Prefer injecting the API key explicitly when running in production (as noted by the README) and review prompts/system.txt to ensure it meets your privacy expectations. - If you want extra assurance, run the included tests locally (they mock OpenAI) and audit the prompts and examples for any PII leakage patterns before using with real emails.

Like a lobster shell, security has layers — review code before you run it.

auditvk97fr6g7702vm1zfb8489qbn9h85a6w7emailvk97fr6g7702vm1zfb8489qbn9h85a6w7financevk97fr6g7702vm1zfb8489qbn9h85a6w7latestvk97fr6g7702vm1zfb8489qbn9h85a6w7refundvk97fr6g7702vm1zfb8489qbn9h85a6w7savingsvk97fr6g7702vm1zfb8489qbn9h85a6w7subscriptionvk97fr6g7702vm1zfb8489qbn9h85a6w7
98downloads
0stars
4versions
Updated 5d ago
v1.0.3
MIT-0
JEP (Judgment Event Protocol)@schchit
auditemailfinancelatestrefundsavingssubscription
Download

Skill Definition: claimback_radar

REQUIRED CREDENTIAL: OPENAI_API_KEY environment variable (or pass api_key directly to ClaimbackRadar).
EXTERNAL DATA FLOW: User-provided text content is transmitted to OpenAI's API. Review OpenAI's data retention and privacy policies before use.

Description

Scans user emails and bills to discover hidden refunds, subscription traps, and savings opportunities.

Functions

Function 1: extract

Extracts structured subscription / billing data from unstructured text.

Input: Raw email or bill text Output: confirmation_card (JSON)

Function 2: detect_and_recommend

Detects risks and generates actionable receipts.

Input: confirmation_card + user context Output: action_receipts + risk_flags

Invocation Schema

See schema/input.json

Output Schema

See schema/output.json

Example

See examples/netflix_email.md

Security Notes

  • The CLI entrypoint (main.py) explicitly loads .env if present and warns the user.
  • Do not commit .env files containing real API keys to version control.
  • For production use, prefer explicit api_key injection over implicit environment loading.

Comments

Loading comments...