Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

expense-tracker

v1.0.0

Log daily expenses to Notion using natural language input, auto-parsing item, amount, category, and payment method into your configured database.

by keetrids@huang-zi-zheng
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

Capability signals
Crypto: Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

Purpose & Capability (flagged)
The skill's name and description (Notion expense logging) align with the code, which posts pages to api.notion.com. However, the SKILL.md advertises interactive commands (/today, /summary, /budget, /bank) and features (running totals, month views, budget enforcement) that are not implemented in the provided expense_tracker.py, which only parses single-line expenses and POSTs a page. Additionally, the registry metadata declares no required env vars or primary credential, but both the README and the code require a Notion API key and a database ID — a mismatch between declared capabilities/requirements and actual code.
Instruction Scope (flagged)
The SKILL.md instructs users to set NOTION_API_KEY and EXPENSE_DATABASE_ID and to share the database with an integration, which matches the code. It does not instruct reading unrelated system files or exfiltrating data to unexpected endpoints. But it documents higher-level command behaviours and summaries that the code does not implement; this is scope creep in the documentation relative to the runtime instructions and may mislead users about what the skill will actually do at runtime.
Install Mechanism
No install spec is present (instruction-only plus an included Python file). No remote downloads or installers are used; the runtime risk is limited to executing the included Python code and its network call to Notion. This is a low install risk, but running code should still be done in a controlled environment.
Credentials (flagged)
The code legitimately requires a Notion API key and a database ID (sensitive credentials) to perform its stated function; this is proportionate to the advertised purpose. However, the registry metadata incorrectly lists 'Required env vars: none' and 'Primary credential: none' — an inconsistency that could cause the agent or user to overlook that they must supply a Notion token. The skill does not request unrelated credentials, but the metadata omission is concerning because it hides the need for sensitive tokens.
Persistence & Privilege
The skill does not request 'always: true' or any elevated persistent presence. It does not modify other skills or system-wide configs. Running it simply uses environment variables and performs network requests to Notion.
What to consider before installing
Key things to consider before installing or running this skill:

- Metadata mismatch: The registry metadata does not declare required environment variables, but both SKILL.md and the code require NOTION_API_KEY and EXPENSE_DATABASE_ID. Expect the skill to fail or prompt for those values unless fixed. Ask the publisher to update the metadata to list the Notion token as the primary credential.
- Feature mismatch: SKILL.md lists interactive commands and summary/budget features that are not implemented in expense_tracker.py. If you need those features, request an updated implementation or avoid relying on the claimed functionality.
- Credentials handling: The skill needs your Notion integration token and database ID. Only provide tokens scoped to a dedicated Notion integration (least privilege) and avoid sharing tokens that grant access to other unrelated workspaces or data. Consider creating a separate integration with limited permissions and sharing only the specific database.
- Run safely: Because this is an included Python script that will make network requests, run it in a sandboxed environment (or review and run the code locally) rather than granting it broad system or credential access in production. Inspect or run the script locally to confirm behaviour before allowing an agent to invoke it autonomously.
- Ask for fixes: Request that the skill author (1) update registry metadata to declare required env vars and primary credential, (2) either implement the documented commands or remove them from SKILL.md, and (3) document expected HTTP response codes/behaviour for Notion API errors. After those fixes, re-evaluate.

If you want, I can produce a short checklist or a suggested metadata patch to send to the skill author to address these issues.

