Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ledger Project Expense Entry

v1.0.0

Record natural-language project expense messages into ledger JSONL. Use when user sends "project + expense" directly (e.g., "OpenClaw 服务器 89"), wants quick bookkeeping, or asks to...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for shing19/ledger-project-expense-entry.

Install the skill "Ledger Project Expense Entry" (shing19/ledger-project-expense-entry) from ClawHub.
Skill page: https://clawhub.ai/shing19/ledger-project-expense-entry
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ledger-project-expense-entry

ClawHub CLI


npx clawhub@latest install ledger-project-expense-entry
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description (append natural-language project expense messages into ledger JSONL) align with the SKILL.md actions (parse fields, pick date, write via an add_ledger_entry.py script). However the skill assumes existence of a specific repository layout (projects/data, projects/docs/CATEGORY_CATALOG.md, projects/scripts/add_ledger_entry.py) without declaring or bundling those files — reasonable for a repo-specific assistant, but unexpected in a generic skill.
Instruction Scope
The run instructions tell the agent to obtain the local date, read a local category catalog, and execute a local Python script to append data. That means the agent will access and modify files on disk and execute arbitrary code present at projects/scripts/add_ledger_entry.py. While these actions are coherent with 'append ledger entries', they grant filesystem and code-execution scope beyond purely conversational behavior and could be risky if the referenced files or script are untrusted or absent.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled code — nothing will be downloaded or installed by the skill itself. That lowers supply-chain risk, but it also means the correctness/safety of runtime behavior depends entirely on local files and scripts.
Credentials
The skill requests no environment variables, credentials, or external config paths. The only required resources are local repository paths referenced in the instructions; these are proportionate to the described bookkeeping task but should be present and trusted.
Persistence & Privilege
always is false (normal). disable-model-invocation is false (agent may invoke autonomously). Autonomous invocation combined with file-write + script-execution instructions increases the blast radius if the agent is allowed to act without user confirmation. This is not automatically disallowed, but it's a meaningful consideration for safety.
What to consider before installing
This skill will try to read projects/docs/CATEGORY_CATALOG.md and run projects/scripts/add_ledger_entry.py on your system — those files are not provided by the skill. Before enabling or using it: 1) confirm those paths exist in the target workspace and inspect the Python script to ensure it is safe and does only what you expect; 2) back up your ledger files or test in a copy; 3) prefer requiring user confirmation for each write (disable autonomous invocation if you want manual oversight); 4) if you do not have the repo structure, don’t enable the skill or modify the instructions to target a safe, reviewed tool. If you want, provide the add_ledger_entry.py and CATEGORY_CATALOG.md here (or point to a trusted repo) so I can evaluate them too.

Like a lobster shell, security has layers — review code before you run it.

latestvk974qjm8eah2kf110wh7dwrkdh83yfxp
84 downloads
0 stars
1 version
Updated 3w ago
v1.0.0
MIT-0

Ledger Project Expense Entry

Use this skill for fast bookkeeping from short natural-language messages.

Defaults

  • direction: default 支出
  • currency: default CNY
  • date: default today (Asia/Taipei)

Only change defaults if user explicitly provides different values.

Parse target

Extract from message:

  • project (project name)
  • description (expense content)
  • amount (number)
  • optional date
  • optional currency
  • optional direction (收入/支出)
  • optional tags

If project and description are both present, build description as:

  • <project> - <description>

If only one exists, use that field directly.

If amount is missing, ask one short clarification question.

Write command

IMPORTANT: Get today's date (YYYY-MM-DD) first, for determining which month file to write to.

# Get today's date in Asia/Taipei timezone
CURRENT_DATE=$(TZ='Asia/Taipei' date +%Y-%m-%d)

Then append via existing script:

python3 projects/scripts/add_ledger_entry.py \
  --data-root projects/data \
  --date "$CURRENT_DATE" \
  --direction <支出|收入> \
  --amount <number> \
  --currency <CNY|USD|JPY|...> \
  --description <project-description> \
  --tags <tag1,tag2,...> \
  --source manual \
  --batch manual
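
The scan notes on this page recommend confirming that the referenced paths exist and reviewing add_ledger_entry.py before use. The pre-flight gate below is an added example, not part of the skill or of ClawHub: it refuses to proceed unless the catalog, data root and script are present and the script still matches the SHA-256 recorded at review time. The helper names ledger_sha256 and ledger_preflight and the exit codes 2 and 3 are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight gate for the skill's write step.
# ledger_sha256 and ledger_preflight are hypothetical helper names.

ledger_sha256() {
    # Print the SHA-256 of a file using whichever tool is installed.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# ledger_preflight WORKSPACE PINNED_SHA256
# Returns 0 only if the files the skill depends on exist as regular,
# non-symlink files and the script matches the reviewed digest.
# Returns 2 for a missing/symlinked path, 3 for a digest mismatch.
ledger_preflight() {
    ws=$1
    pinned=$2
    script="$ws/projects/scripts/add_ledger_entry.py"
    catalog="$ws/projects/docs/CATEGORY_CATALOG.md"

    for f in "$script" "$catalog"; do
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "preflight: missing or symlinked: $f" >&2
            return 2
        fi
    done
    if [ ! -d "$ws/projects/data" ]; then
        echo "preflight: missing data root: $ws/projects/data" >&2
        return 2
    fi

    actual=$(ledger_sha256 "$script")
    if [ "$actual" != "$pinned" ]; then
        echo "preflight: add_ledger_entry.py changed since review" >&2
        echo "  pinned: $pinned" >&2
        echo "  actual: $actual" >&2
        return 3
    fi
    return 0
}
```

Record the digest once after reading the script, then call `ledger_preflight . "$PINNED"` from the workspace root before the python3 command and stop on any non-zero status.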

Category catalog (must check before writing)

Before each write, check:

  • projects/docs/CATEGORY_CATALOG.md

Selection policy:

  • Prefer existing values from catalog (tags/major_category/type/currency).
  • If user gives a new tag not in catalog and meaning is clear, write it; otherwise ask one short confirmation.
  • If uncertain, keep optional fields empty rather than inventing noisy labels.

Tag suggestion rules

  • If user gives tags, use them directly.
  • If user does not give tags:
    • project/infra/subscription/domain/server -> 开发成本 / 服务器 / 域名 / 通讯网络 (pick the closest one)
    • meal/drink -> 外卖 / 下馆子 / 饮料零食
    • ride/transport -> 打车 / 交通卡 / 火车 / 飞机
  • If still uncertain, keep tags empty.

Response format

After appending, reply with:

  • month file path
  • one-line summary: 日期 | 流向 | 金额币种 | 描述
