Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tesseract Receipt Tracker

v1.0.0

OCR-based receipt tracker for expense, travel, freelance logging using tesseract. Extracts date, vendor, amount, tax, mileage, items from receipts/invoices/i...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for skunnyo/tesseract-receipt-variant.

Install the skill "Tesseract Receipt Tracker" (skunnyo/tesseract-receipt-variant) from ClawHub.
Skill page: https://clawhub.ai/skunnyo/tesseract-receipt-variant
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install tesseract-receipt-variant

ClawHub CLI


npx clawhub@latest install tesseract-receipt-variant

Security Scan

VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)

Purpose & Capability

Name/description claim OCR + receipt parsing using Tesseract and the bundle includes a parsing script — that fits. There are no unrelated credential requests or config paths. However the instructions ask to install a PyPI package named 'tesseract' (ambiguous) and to run system package installs with sudo, which is not strictly needed in many environments and is imprecise.

Instruction Scope

SKILL.md instructs executing shell installs (exec pip install tesseract; exec sudo apt update && sudo apt install tesseract-ocr) and running tesseract with nonstandard CLI flags. These commands require privileged/system changes and reference installing packages from package managers — they are within the stated purpose (installing OCR) but are imprecise and riskier than necessary. There is no instruction to avoid exfiltration or to sandbox these installs; the instructions also assume apt/sudo availability.

Install Mechanism

There is no formal install spec, but the runtime advises installing via 'pip install tesseract' — that name is ambiguous on PyPI and could pull an unexpected package. It also suggests running 'sudo apt install tesseract-ocr' which requires elevated privileges. Both are higher-risk than an instruction-only skill that simply calls an existing system binary.

Credentials

The skill requests no environment variables, no credentials, and no config paths. That is proportionate to its stated purpose.

Persistence & Privilege

always is false and the skill does not request persistent privileges or claim to modify other skills. The only privilege-related issue is the instruction to run sudo apt commands, which requires elevated system privileges but is not persistence or cross-skill modification.

What to consider before installing

This skill appears to do what it says (OCR + parse receipts), but do NOT run its install lines as-is. 'pip install tesseract' is ambiguous and could install an unexpected PyPI package; the usual Python binding is 'pytesseract' (and it still requires system tesseract). The apt install step requires sudo and modifies the host. The included parser script has bugs (incorrect format string '0/1/2'.format(...), a mileage condition that always fails, and crude regexes), so it may produce wrong output. Before installing or using it:

  1. Run it in an isolated VM/container.

  2. Install system tesseract from a trusted source yourself (or via your OS package manager) rather than auto-running the skill's commands.

  3. Avoid blindly running 'pip install tesseract'; inspect that package on PyPI or use 'pytesseract'.

  4. Review and fix the parse_receipt.py bugs and test on sample receipts.

  5. Prefer to run the code locally with controlled inputs rather than giving the agent permission to execute install commands autonomously.
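
The install-line concerns raised in the scan can be checked mechanically before an agent is allowed to act on a skill. The following is an added example, not part of the skill or of ClawHub's scanner: it audits the `exec` lines copied from this skill's Workflow section, and the rule names and the `PIP_ALLOWLIST` contents are assumptions chosen for illustration.

```python
import re
import shlex

# Assumption: the only PyPI name this reviewer has vetted for the skill.
PIP_ALLOWLIST = {"pytesseract"}

# The skill's own exec lines, copied from its Workflow section.
SKILL_LINES = [
    "exec pip install tesseract",
    "Tesseract: exec sudo apt update && sudo apt install tesseract-ocr",
    "exec tesseract --image_path image.jpg --output ocr.txt",
    "exec python3 scripts/parse_receipt.py ocr.txt",
]

def audit_line(line):
    """Return (rule, detail) findings for one skill instruction line."""
    findings = []
    match = re.search(r"\bexec\s+(.*)", line)
    if not match:
        return findings
    # Judge each command of a chain (&&, ||, ;) separately.
    for cmd in re.split(r"\s*(?:&&|\|\||;)\s*", match.group(1)):
        try:
            argv = shlex.split(cmd)
        except ValueError:
            findings.append(("unparseable", cmd))
            continue
        if argv and argv[0] == "sudo":
            findings.append(("privileged", cmd))
            argv = argv[1:]
        if not argv or "install" not in argv:
            continue
        # Simplification: every non-option word after "install" is a package.
        pkgs = [a for a in argv[argv.index("install") + 1:] if not a.startswith("-")]
        if argv[0] in ("pip", "pip3") or argv[1:3] == ["-m", "pip"]:
            for pkg in pkgs:
                name = re.split(r"[=<>!~\[]", pkg)[0].lower()
                if name not in PIP_ALLOWLIST:
                    findings.append(("pip-unvetted", name))
        elif argv[0] in ("apt", "apt-get"):
            findings.extend(("system-package", pkg) for pkg in pkgs)
    return findings

def audit(lines):
    """Audit every line; return (line_number, rule, detail) tuples."""
    return [(n, rule, detail) for n, line in enumerate(lines, 1)
            for rule, detail in audit_line(line)]
```

Calling `audit(SKILL_LINES)` reports the unvetted `tesseract` pip name on line 1 and both `sudo` commands plus the system package on line 2; the OCR and parser lines produce no findings.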

Like a lobster shell, security has layers — review code before you run it.

latest: vk978nhtxvfdrdjg4qh0pbds3wx83tm24
106 downloads · 0 stars · 1 version · Updated 1mo ago
v1.0.0 · MIT-0

Tesseract Receipt Tracker

Workflow

  1. Acquire Image: read tool on image path (supports jpg, png, pdf first page).

  2. Setup tesseract:

    exec pip install tesseract

    Tesseract: exec sudo apt update && sudo apt install tesseract-ocr

  3. Extract Text:

    # Variant command for tesseract
    exec tesseract --image_path image.jpg --output ocr.txt

  4. Parse Fields: exec python3 scripts/parse_receipt.py ocr.txt

  5. Log Data: Write to expense_log.csv or json.

Post-Processing

Use regex/scripts for receipt-specific fields: total, subtotals, taxes, odometer, dates.

scripts/

Custom parsers for structured extraction.

references/

Field mappings and examples.
