ClawHub

Billclaw

v0.5.5

This skill should be used when managing financial data, syncing bank transactions via Plaid/GoCardless, fetching bills from Gmail, or exporting to Beancount/Ledger formats. Provides local-first data sovereignty for OpenClaw users.

1· 2.4k·3 current·3 all-time
byfirela@xbinkai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (Plaid/Gmail sync, exports, local storage) matches the declared npm packages and optional Connect/CLI components. Requiring Node and providing npm packages for OpenClaw integration is proportionate to the stated purpose.
Instruction Scope
SKILL.md directs the user to install the listed npm packages, configure Plaid/Gmail credentials only when needed, run an interactive setup, and store data under ~/.firela/billclaw or system keychain. It does not instruct broad system scanning, harvest unrelated environment variables, or phone home to unexpected endpoints in the provided content.
Install Mechanism
Installation uses npm packages (@firela/*). npm is a normal distribution mechanism for Node tools but carries standard supply-chain risk (transitive dependencies). There are no downloads from arbitrary URLs, no extracted archives, and the install spec is consistent with the skill's purpose.
Credentials
No environment variables are required at install time. The SKILL.md lists Plaid and Gmail credentials for the features that need them, which is appropriate. There are no unrelated credentials or excessive env var requirements declared.
Persistence & Privilege
always:false and disable-model-invocation:true limit autonomous or always-on behavior. The skill does not request system-wide config changes or access to other skills' secrets in the provided content.
Assessment
This skill appears coherent for local financial syncing: if you plan to use it, review the npm packages' source (the repo links are provided), verify package provenance if that matters to you, and only supply Plaid/Gmail credentials when you enable those features. Because it installs Node packages, consider installing in a controlled environment (container or dedicated machine) if you have strong supply-chain concerns, and monitor network traffic on first run to confirm calls go only to Plaid/Gmail endpoints. The skill's disable-model-invocation setting reduces autonomous risk. If you rely on the optional Connect component (self-hosted OAuth), review its configuration carefully before exposing it to the network.

Like a lobster shell, security has layers — review code before you run it.

latestvk970spfqb8brnrde0fxnvnvazn812j0x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💰 Clawdis
Any binnode

Install

Install BillClaw OpenClaw plugin (required)npm i -g @firela/billclaw-openclaw
Install BillClaw CLI (optional)
Bins: billclaw
npm i -g @firela/billclaw-cli
Install BillClaw Connect OAuth server (optional)npm i -g @firela/billclaw-connect

Comments