ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Rental Manager

v1.0.0

Rental bookkeeping for Quebec/Levis/Longueuil properties. Records income/expenses, uploads receipts to Drive, T776 tax prep, LOC tracking. Triggers: record e...

0· 92·0 current·0 all-time
by@clairproqc-star

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for clairproqc-star/rental-manager.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Rental Manager" (clairproqc-star/rental-manager) from ClawHub.
Skill page: https://clawhub.ai/clairproqc-star/rental-manager
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: gog
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install rental-manager

ClawHub CLI

Package manager switcher

npx clawhub@latest install rental-manager
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Requesting the 'gog' CLI and using it to operate on Google Drive and Google Sheets is consistent with the stated purpose (upload receipts, update spreadsheets). However, the skill embeds specific spreadsheet IDs and Drive folder IDs in references/properties.md and in the script rather than asking the installing user to supply their own IDs; that makes the implementation tied to particular accounts and is unexpected for a general-purpose bookkeeping skill.
!
Instruction Scope
The runtime instructions + included script direct the agent to move and rename files in Google Drive and to update spreadsheet cells. Those actions are within the skill's stated scope, but they target the hard-coded folder and sheet IDs. That means user-uploaded files could be moved into another party's Drive folders and spreadsheet rows could be updated in accounts not controlled by the installing user — this is a data-exfiltration risk if the IDs are external.
Install Mechanism
No install spec and only an instruction plus a small Python helper file; nothing is downloaded or executed during install. The only runtime dependency is the 'gog' CLI which must be present — low install-time risk.
!
Credentials
The skill requests no environment variables but relies on the 'gog' CLI being present and authenticated in the agent environment. This implicitly uses whatever Google credentials are available to the agent. Combined with hard-coded external folder/sheet IDs, this grants the skill the ability to move user files into those targets using the agent's Google auth — more privilege than you'd normally expect without explicit configuration or owner confirmation.
Persistence & Privilege
The skill does not request permanent 'always' inclusion, does not change other skills' configs, and does not declare elevated platform privileges. Normal autonomous invocation is enabled (platform default).
What to consider before installing
This skill will move uploaded receipts and update spreadsheets via the 'gog' CLI using hard-coded Google Drive folder and spreadsheet IDs. Before installing or running it, confirm who owns the listed IDs (the folder and sheet IDs in references/properties.md). If those IDs are not yours, do NOT use the skill — it could transfer your files into someone else's Drive. Safer alternatives: 1) Ask the skill author to make IDs configurable so you provide your own folder and sheet IDs, or 2) edit the script locally to point to your own Drive/Sheet IDs and review the 'gog' commands, or 3) run the upload steps manually or in a sandboxed account. Also verify what 'gog' is (its source and authentication model) and ensure it is authenticated only to the Google account you intend to use. If you proceed, test with a non-sensitive dummy file first and be prepared to revoke any Google token/credentials used by 'gog' if you detect unexpected behavior.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🏠 Clawdis
Binsgog
latestvk97e1tyfh72cx5p0bgmbwb65bh83j2zx
92downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@clairproqc-star
latest
Download

Rental Manager Skill

This skill provides a standardized workflow for managing rental property data.

Resource Locations

Always refer to references/properties.md for the latest Spreadsheet IDs and Google Drive Folder IDs.

Standard Workflows

1. Recording Income/Expenses

  • Longueuil → Longueuil Control sheet; others → Master Record sheet.
  • Columns: Index, Date, Category, Description, Type, Amount.
  • T776 categories: 8141 Gross Rents, 8320 Professional Fees, 8520 Insurance, 8690 Management & Admin, 8710 Interest (Mortgage), 8710 Interest (LOC), 8810 Office Expenses, 8960 Repairs & Maintenance, 9180 Property Taxes, 9200 Travel Expenses, 9220 Utilities, Asset (Capital), Prepaid Expense, LOC Drawdown, Transfer.

2. Receipt Upload & Linking

  • Requires: Index, Property (Gauvin/Levis/Longueuil), optional custom Filename (e.g., 3-1.pdf; default: [Index].[ext]).
  • Uploads to correct Drive folder, renames file, updates File Link column G in spreadsheet.

3. Longueuil Sync

  • Master Record's Longueuil (168 Goyette) tab is read-only (IMPORTRANGE). Always edit Longueuil Control sheet directly.

4. Tax Preparation (T776)

  • Aggregate by property and category. For Longueuil use Longueuil My Share (50%) tab.

5. LOC Tracking

  • Drawdown: General / Personal Business tab, category LOC Drawdown, type Transfer, description RBC LOC Payment for [Expense / Property], note linked index.
  • Interest: Annually from T5. Category 8710 Interest (LOC), type Expense, description RBC LOC Annual Interest (from T5).

Comments

Loading comments...