ClawHub

Ride Receipts

v0.1.12

Build a local SQLite ride-history database from Gmail ride receipt emails using gog for fetch and OpenClaw Gateway /v1/responses for extraction. Use when you...

0· 384·0 current·0 all-time
byMaxim Tuleyko@tuleyko
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included scripts. Requiring 'gog' and 'python3' is appropriate for fetching Gmail and running the Python pipeline. The declared gateway config paths align with the code that contacts a Gateway /v1/responses endpoint.
Instruction Scope
SKILL.md and the scripts instruct fetching raw email content (including full HTML) into emails.json, then sending that raw JSON to a Gateway model for extraction. The instructions explicitly require user consent before sending sensitive emails to a model and the extraction script enforces local/private Gateway hosts by default. One inconsistency: the registry lists no required env vars, but the SKILL.md and scripts reference environment variables such as OPENCLAW_GATEWAY_TOKEN, OPENCLAW_GATEWAY_URL, OPENCLAW_ALLOW_NONLOCAL_GATEWAY and also read ~/.openclaw/openclaw.json for the token.
Install Mechanism
No install spec; this is an instruction-only skill with bundled Python scripts. Nothing is downloaded from third-party URLs or installed automatically. Risk from installation is low, but the provided scripts will be executed locally by the agent using python3.
Credentials
The skill does not request unrelated credentials. It legitimately needs a Gateway auth token (sensitive) and a gog-authenticated Gmail account; the token can come from OPENCLAW_GATEWAY_TOKEN or ~/.openclaw/openclaw.json. Registry metadata did not declare any required env vars, so users should be aware the skill will look for the gateway token and optional env flags at runtime. This is proportionate to the task but involves sensitive tokens and Gmail access via the user's gog credentials.
Persistence & Privilege
The skill is not always-enabled and does not request elevated system-wide privileges. It writes its own output files (emails.json, rides.json, rides.sqlite) in the working data directory and does not modify other skills or global agent settings.
Assessment
This skill appears coherent and implements the described pipeline, but it handles sensitive data: your Gmail receipt HTML/JSON will be written to disk and (by default) sent to a local/private OpenClaw Gateway for extraction. Before installing or running: 1) verify you have and trust a local Gateway and have the gateway token available (OPENCLAW_GATEWAY_TOKEN or ~/.openclaw/openclaw.json); 2) confirm you are comfortable using the gog CLI (it will use your gog auth to read Gmail) and that you select the correct account when prompted; 3) do not set OPENCLAW_ALLOW_NONLOCAL_GATEWAY=1 unless you explicitly accept sending raw receipts to a remote Gateway; 4) review the included Python scripts if you want to audit behavior (they are self-contained and show the data flows); and 5) run the pipeline in an isolated environment if you are concerned about sensitive financial/location data being stored or processed.

Like a lobster shell, security has layers — review code before you run it.

latestvk9710krfnxnj9pf11qy8sq1avh83jkj0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsgog, python3
Configgateway.port, gateway.auth.token, gateway.http.endpoints.responses.enabled

Comments