Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Heath Ledger
v1.0.0
AI bookkeeping agent for Mercury bank accounts. Pulls transactions, categorizes them (rule-based + AI), and generates Excel workbooks with P&L, Balance Sheet...
by Andrew Pierno (@wrannaman)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Benign (medium confidence)
Purpose & Capability
Name/description (bookkeeping for Mercury accounts, categorization, P&L/BS/Cash Flow generation) match the provided scripts and libraries: connect_mercury, pull_transactions, categorize (rules + AI), optional connect_stripe, generate_books. Requests for Mercury/Stripe tokens as runtime arguments are proportionate to the stated purpose.
Instruction Scope
SKILL.md directs the operator to run local node/bash scripts which read/write a local SQLite DB (data/heath.db), call Mercury/Stripe APIs, produce AI categorization prompts (JSON to stdout) and accept AI results back. This is within bookkeeping scope, but the skill emits AI prompts that rely on the host agent to call an LLM (expected for 'AI categorization') and will persist AI-created rules into the DB. Several scripts reference or default to developer paths (e.g., /home/andrew/clawd/projects/heath-ledger/bookkeeper-examples) — harmless unless you run those scripts and expect them to point at your data. No instructions to send data to unknown external endpoints were found in the visible files.
Install Mechanism
There is no remote install or download; code is bundled with the skill. No brew/npm/go downloads or external archives are fetched during install. This limits supply-chain risk. (That said, review package.json/package-lock if you plan to run npm install to ensure dependencies are acceptable.)
Credentials
The skill declares no required env vars but expects the user to supply Mercury/Stripe API tokens as command-line arguments; those tokens are stored in the local SQLite DB in plaintext (comment in connect_mercury.mjs: 'store token as-is locally — no encryption needed for local SQLite'). Storing access tokens locally is functionally required but has privacy implications; the skill also inserts AI-generated categorization rules into the DB (source='ai'), which may cause cross-entity propagation if rules are promoted to global later. No unrelated credentials are requested.
Persistence & Privilege
always:false (not force-included). The skill stores data in its own SQLite database and writes generated Excel files to a local data/ directory — expected for bookkeeping. It does not request or modify other skills' configurations. Autonomous invocation is allowed by default (not a red flag on its own), but use caution if you permit full autonomy and also provide credentials.
Assessment
What to check before installing/using:
- Inspect the small client wrappers (scripts/lib/mercury-client.js and scripts/lib/stripe-client.js) to confirm they call the official API endpoints you expect and do not send data elsewhere.
- Understand where credentials are stored: tokens you pass (Mercury/Stripe) are saved plaintext in data/heath.db. If this DB is on a shared machine or backup, treat the tokens as sensitive and consider encrypting the DB or using filesystem protections.
- Avoid running developer-only scripts (e.g., those with hardcoded /home/andrew/... paths) unless you review/adjust them; they reference local example directories and could attempt to read files from absolute paths.
- If you plan to run the categorize -> AI -> categorize_ai_results workflow, be aware that AI-inferred rules are written into the DB (source='ai') and the project includes logic to promote rules; review how rules are promoted before using the skill on multiple entities, to avoid accidental global rule propagation.
- Run the skill in an isolated environment (local VM/container) if you want to limit blast radius and inspect network traffic during initial runs.
- If you need stronger protection for API tokens, add encryption at rest or use a secrets manager instead of storing tokens plaintext in the SQLite file.
Overall: the package appears coherent and consistent with its stated bookkeeping purpose, but take the above operational/privacy steps before running it with real production credentials.
Tags: accounting, bookkeeping, finance, latest, mercury, stripe
