Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Paycheck

Paycheck - command-line tool for everyday use

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 27 · 0 current installs · 0 all-time installs
by BytesAgain2 @ckchzh
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (paycheck CLI) match the script's behavior (local logging, export, search). However, SKILL.md says you can set PAYCHECK_DIR to change the data directory while the included script ignores PAYCHECK_DIR and hardcodes DATA_DIR from HOME. Also SKILL.md claims version 2.0.0 while registry metadata lists 1.0.1 — packaging inconsistencies that reduce trust.
Instruction Scope
Instructions are limited to running the CLI and exporting data, which matches the script. The script writes many log files and a history.log under ~/.local/share/paycheck and records arbitrary user input (echoing it to logs). That means any input you provide (including secrets) will be stored unencrypted on disk. The SKILL.md suggests configuring PAYCHECK_DIR, but the script does not actually read that env var — so instructions claim behavior that won't occur.
Install Mechanism
No install spec and no network calls in the script. This is low-risk from an installation perspective — nothing is downloaded or executed from remote hosts by default.
Credentials
The skill requests no credentials or special env vars. That is proportionate. Caveat: SKILL.md documents PAYCHECK_DIR as a configuration env var, but the script does not honor it — a mismatch between declared configuration and implementation.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide privileges. It does create and maintain files under the user's home directory (~/.local/share/paycheck) which is expected for a local CLI tool.
What to consider before installing
This tool appears to be a self-contained local CLI that logs and exports user-provided entries to ~/.local/share/paycheck/. Before installing or running it:
(1) review the script contents (already included) to ensure you're comfortable with unencrypted storage of any input; do not enter passwords, API keys, or other secrets into this tool because all input is appended to plain text log files.
(2) Note the SKILL.md says PAYCHECK_DIR can be used to change the data directory, but the script ignores that env var — if you need data in a custom location, either modify the script or move the data directory manually.
(3) The package metadata/versioning and the source/homepage are inconsistent or missing; if provenance matters, ask the publisher for a clear source, or run the tool in a sandbox or throwaway account.
(4) If you plan to use export features, inspect produced JSON/CSV to ensure the output meets your expectations (the JSON generation in the script may be malformed due to how newlines/commas are written).
If you want higher assurance, request a fixed/rebuilt package that honors PAYCHECK_DIR and adds explicit handling to avoid storing sensitive data.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.1
latest: vk977h7gd1f3xk7h98nanrjm0mn830rh1

SKILL.md

Paycheck

Paycheck calculator — salary breakdown, tax estimates, deductions, and net pay.

Commands

Command                  Description
paycheck help            Show usage info
paycheck run             Run main task
paycheck status          Check state
paycheck list            List items
paycheck add <item>      Add item
paycheck export <fmt>    Export data

Usage

paycheck help
paycheck run
paycheck status

Examples

paycheck help
paycheck run
paycheck export json

Output

Results go to stdout. Save with paycheck run > output.txt.

Configuration

Set PAYCHECK_DIR to change data directory. Default: ~/.local/share/paycheck/


Powered by BytesAgain | bytesagain.com
Feedback & Feature Requests: https://bytesagain.com/feedback

Features

  • Simple command-line interface for quick access
  • Local data storage with JSON/CSV export
  • History tracking and activity logs
  • Search across all entries

Quick Start

# Check status
paycheck status

# View help
paycheck help

# Export data
paycheck export json

How It Works

Paycheck stores all data locally in ~/.local/share/paycheck/. Each command logs activity with timestamps for full traceability.

Support

Powered by BytesAgain | bytesagain.com | hello@bytesagain.com

Files

2 total