Ai Intelligent Expense Reimbursement

Advisory
Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium confidence)
ASI02: Tool Misuse and Exploitation
What this means

If connected to real reimbursement or finance systems, mistakes or misuse could approve claims or trigger payments without clearly documented safeguards.

Why it was flagged

The skill advertises automated approval and automatic payment, which are high-impact business and financial actions, but the artifacts do not define user confirmation, limits, reversibility, or audit controls.

Skill content
- Smart approval (rules engine)
- Automatic payment (finance integration)
Recommendation

Require explicit human approval before any approval or payment action, add transaction limits and dry-run mode, and document audit logs and rollback procedures.
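The safeguards the recommendation asks for can be enforced in code rather than only documented. The following is an added example, not the skill's code: a gateway that every agent-initiated payout must pass through, with a human approver field the model cannot set, per-transaction and daily limits checked before any side effect, a dry-run default, an append-only audit log, and a compensating reversal. The `send_payout` / `reverse_payout` callables, the limits and the claim ids are hypothetical; the finance API is replaced by an in-memory stand-in.

```python
from dataclasses import dataclass, field
from datetime import date
from decimal import Decimal
from typing import Callable, Optional


class PaymentBlocked(Exception):
    """Raised when a payout request fails a safeguard; nothing was sent."""


@dataclass
class PaymentRequest:
    claim_id: str
    payee: str
    amount: Decimal
    # Filled in only by a human reviewer out of band; the model never sets it.
    approver: Optional[str] = None


@dataclass
class PaymentGateway:
    """Mediates every call to the finance API (hypothetical callables below)."""
    send_payout: Callable[[PaymentRequest], str]   # returns a transaction id
    reverse_payout: Callable[[str], None]          # compensating action
    per_tx_limit: Decimal = Decimal("500.00")
    daily_limit: Decimal = Decimal("5000.00")
    dry_run: bool = True                           # safe default: log, do not pay
    audit_log: list = field(default_factory=list)
    spent_by_day: dict = field(default_factory=dict)

    def _audit(self, event: str, **details) -> None:
        self.audit_log.append({"event": event, "day": date.today().isoformat(), **details})

    def pay(self, req: PaymentRequest) -> Optional[str]:
        """Return a transaction id, None in dry-run mode, or raise PaymentBlocked."""
        day = date.today().isoformat()
        spent = self.spent_by_day.get(day, Decimal("0"))
        if not req.approver:
            self._audit("blocked", claim=req.claim_id, reason="no human approval")
            raise PaymentBlocked(f"{req.claim_id}: explicit human approval required")
        if req.amount <= 0 or req.amount > self.per_tx_limit:
            self._audit("blocked", claim=req.claim_id, reason="per-transaction limit")
            raise PaymentBlocked(f"{req.claim_id}: {req.amount} outside (0, {self.per_tx_limit}]")
        if spent + req.amount > self.daily_limit:
            self._audit("blocked", claim=req.claim_id, reason="daily limit")
            raise PaymentBlocked(f"{req.claim_id}: daily limit {self.daily_limit} would be exceeded")
        if self.dry_run:
            self._audit("dry_run", claim=req.claim_id, payee=req.payee, amount=str(req.amount))
            return None
        tx_id = self.send_payout(req)
        self.spent_by_day[day] = spent + req.amount
        self._audit("paid", claim=req.claim_id, tx=tx_id, approver=req.approver, amount=str(req.amount))
        return tx_id

    def rollback(self, tx_id: str, reason: str) -> None:
        """Reverse a sent payout and record why; the daily counter is left as-is."""
        self.reverse_payout(tx_id)
        self._audit("reversed", tx=tx_id, reason=reason)


def make_fake_finance_api():
    """Constructed stand-in for the finance integration: records calls in memory."""
    sent, reversed_ = [], []

    def send(req: PaymentRequest) -> str:
        sent.append(req)
        return f"tx-{len(sent)}"

    def reverse(tx_id: str) -> None:
        reversed_.append(tx_id)

    return send, reverse, sent, reversed_


def demo() -> dict:
    """Walk the gateway through the cases a reviewer would want to see."""
    send, reverse, sent, reversed_ = make_fake_finance_api()
    gw = PaymentGateway(send_payout=send, reverse_payout=reverse, dry_run=False)
    results = {}
    try:
        gw.pay(PaymentRequest("CLM-1", "alice", Decimal("42.00")))   # model-only request
    except PaymentBlocked as e:
        results["unapproved"] = str(e)
    results["approved"] = gw.pay(PaymentRequest("CLM-1", "alice", Decimal("42.00"), approver="cfo"))
    try:
        gw.pay(PaymentRequest("CLM-2", "bob", Decimal("900.00"), approver="cfo"))
    except PaymentBlocked as e:
        results["over_limit"] = str(e)
    gw.dry_run = True
    results["dry_run"] = gw.pay(PaymentRequest("CLM-3", "carol", Decimal("10.00"), approver="cfo"))
    gw.rollback(results["approved"], reason="duplicate claim")
    results["sent"] = len(sent)
    results["reversed"] = reversed_
    results["events"] = [e["event"] for e in gw.audit_log]
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the design is that the model's output is only ever a `PaymentRequest`; the `approver` field, the limits and the dry-run flag live in the gateway configuration, so a prompt-injected or mistaken request cannot grant itself approval or raise its own limit, and every decision, including refusals, lands in the audit log.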

Concern (Medium confidence)
ASI03: Identity and Privilege Abuse
What this means

A user may not understand what financial accounts, tokens, or permissions the skill would need before it can operate.

Why it was flagged

Invoice verification, finance API integration, and automatic payment imply delegated access to financial systems, but the supplied registry metadata declares no credential requirements or scope boundaries.

Skill content
- Compliance check (invoice authenticity verification)
- Automatic payment (finance integration)

## Tech stack
- Finance API integration
Recommendation

Declare every required credential and permission scope, restrict access to the minimum needed APIs, and separate read-only invoice checks from payment authority.
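One way to make the declared scopes enforceable rather than advisory, as an added example that is not part of the reviewed skill: a hypothetical manifest fragment (the reviewed skill.json declares nothing like it) that names each credential, its environment variable and its scopes, binds each tool to exactly one credential, and a registry that refuses a call unless the presented credential is the right one with the required scopes. A lint over the manifest catches both under-provisioning and over-provisioning. The `invoice_verifier` and `finance` credentials, the scope names and the sample invoice numbers are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List

# Hypothetical manifest fragment (assumption: nothing like it exists in the
# reviewed skill.json). Each credential names its env var and the scopes it may
# hold; each tool binds to exactly one credential and lists what it needs.
MANIFEST = {
    "credentials": {
        "invoice_verifier": {"env": "INVOICE_API_TOKEN", "scopes": ["invoices:read"]},
        "finance": {"env": "FINANCE_API_TOKEN", "scopes": ["payments:write"]},
    },
    "tools": {
        "verify_invoice": {"credential": "invoice_verifier", "requires": ["invoices:read"]},
        "pay_claim": {"credential": "finance", "requires": ["payments:write"]},
    },
}

# Constructed sample of invoice numbers the verifier would accept.
KNOWN_INVOICES = {"INV-2026-0001", "INV-2026-0002"}


class ScopeError(PermissionError):
    """A tool was invoked with a credential that is not entitled to run it."""


@dataclass(frozen=True)
class Credential:
    name: str
    scopes: FrozenSet[str]


@dataclass
class ToolRegistry:
    """Dispatches tool calls only when the presented credential matches the manifest."""
    manifest: dict
    tools: Dict[str, Callable] = field(default_factory=dict)

    def register(self, name: str, fn: Callable) -> None:
        if name not in self.manifest["tools"]:
            raise ScopeError(f"{name}: not declared in manifest, refusing to expose it")
        self.tools[name] = fn

    def invoke(self, name: str, cred: Credential, **kwargs):
        spec = self.manifest["tools"][name]
        missing = set(spec["requires"]) - cred.scopes
        if missing:
            raise ScopeError(f"{name}: credential {cred.name} lacks scopes {sorted(missing)}")
        if cred.name != spec["credential"]:
            # Right scopes on the wrong credential is still a boundary violation.
            raise ScopeError(f"{name}: must use credential {spec['credential']}, got {cred.name}")
        return self.tools[name](**kwargs)


def lint_manifest(manifest: dict) -> List[str]:
    """Least-privilege checks: every tool's scopes must be covered by its credential,
    and no credential may hold a scope that no tool uses."""
    problems, used = [], set()
    for tname, spec in manifest["tools"].items():
        cred = manifest["credentials"].get(spec["credential"])
        if cred is None:
            problems.append(f"{tname}: undeclared credential {spec['credential']}")
            continue
        missing = set(spec["requires"]) - set(cred["scopes"])
        if missing:
            problems.append(f"{tname}: credential {spec['credential']} lacks {sorted(missing)}")
        used.update(spec["requires"])
    for cname, cred in manifest["credentials"].items():
        extra = set(cred["scopes"]) - used
        if extra:
            problems.append(f"{cname}: unused scopes {sorted(extra)}")
    return problems


def verify_invoice(invoice_no: str) -> bool:
    """Read-only: never needs anything beyond invoices:read."""
    return invoice_no in KNOWN_INVOICES


def pay_claim(claim_id: str, amount: str) -> str:
    """Stand-in for the finance API write; returns a receipt string."""
    return f"paid:{claim_id}:{amount}"


def demo() -> dict:
    reg = ToolRegistry(MANIFEST)
    reg.register("verify_invoice", verify_invoice)
    reg.register("pay_claim", pay_claim)
    read_only = Credential("invoice_verifier", frozenset({"invoices:read"}))
    finance = Credential("finance", frozenset({"payments:write"}))
    out = {}
    out["verified"] = reg.invoke("verify_invoice", read_only, invoice_no="INV-2026-0001")
    out["unknown"] = reg.invoke("verify_invoice", read_only, invoice_no="INV-9999")
    try:  # the invoice-checking identity must never be able to move money
        reg.invoke("pay_claim", read_only, claim_id="CLM-1", amount="42.00")
    except ScopeError as e:
        out["read_only_pay"] = str(e)
    out["paid"] = reg.invoke("pay_claim", finance, claim_id="CLM-1", amount="42.00")
    over_provisioned = {
        "tools": MANIFEST["tools"],
        "credentials": {**MANIFEST["credentials"],
                        "finance": {"env": "FINANCE_API_TOKEN",
                                    "scopes": ["payments:write", "employees:admin"]}},
    }
    out["lint_ok"] = lint_manifest(MANIFEST)
    out["lint_over"] = lint_manifest(over_provisioned)
    return out


if __name__ == "__main__":
    print(demo())
```

Keeping invoice verification and payment on two different tokens means a compromise of the verifier (the component that ingests untrusted invoice data) yields a credential that cannot move money; the lint makes the "minimum needed APIs" requirement something a registry could check mechanically at submission time.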

What this means

Installing the skill may execute code and dependencies that were not reviewed here, which is especially risky for a workflow involving financial approvals and payments.

Why it was flagged

The reviewed package contains no implementation or install spec, yet the instructions direct users to fetch dependencies and run remote code that is not included in the artifact set.

Skill content
git clone https://github.com/openclaw-skills/ai-intelligent-expense-reimbursement
cd ai-intelligent-expense-reimbursement
pip install -r requirements.txt
python app.py
Recommendation

Publish the runnable code in the reviewed package, provide pinned dependencies or a lockfile, declare the source/homepage clearly, and avoid asking users to run unreviewed remote code.
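A reviewer can check the "pinned dependencies or a lockfile" requirement mechanically before running `pip install`. The following is an added example, not part of the skill or of ClawScan: a small audit over a requirements file that flags anything not pinned to an exact version with an artifact hash, VCS or URL requirements, and `-r`/option lines that pull in content from outside the file. The requirements text is a constructed sample (the sha256 values are placeholders, not real hashes); the skill's real `requirements.txt` was not part of the reviewed artifacts.

```python
import re
from typing import List, Tuple

# Constructed sample of a requirements.txt, not the skill's real file.
# The sha256 values below are placeholders, not real artifact hashes.
SAMPLE_REQUIREMENTS = """\
# OCR and API deps
flask>=2.0
requests==2.31.0
pydantic==2.6.1 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
git+https://github.com/example/ocr-lib.git@main#egg=ocr-lib
-r extra.txt
numpy
"""

# Constructed sample in the shape a reviewer would accept: exact pin plus hash.
PINNED_REQUIREMENTS = """\
flask==3.0.0 --hash=sha256:1111111111111111111111111111111111111111111111111111111111111111
requests==2.31.0 --hash=sha256:2222222222222222222222222222222222222222222222222222222222222222
"""

NAME_RE = re.compile(r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)(?P<spec>.*)$")


def logical_lines(text: str) -> List[str]:
    """Join backslash continuations and drop comments and blank lines. pip treats
    '#' as a comment only at line start or after whitespace, so URL fragments
    such as '#egg=' survive."""
    out = []
    for raw in text.replace("\\\n", " ").splitlines():
        line = re.split(r"(?:^|\s)#", raw, maxsplit=1)[0].strip()
        if line:
            out.append(line)
    return out


def audit_requirements(text: str) -> List[Tuple[str, str]]:
    """Return (requirement, problem) pairs. An empty list means every entry is
    pinned to an exact version and an artifact hash and nothing is pulled from
    outside the package index."""
    findings = []
    for line in logical_lines(text):
        if line.startswith("-"):
            findings.append((line, "option line: pulls in content not reviewed in this file"))
        elif line.startswith("git+") or "://" in line:
            findings.append((line, "VCS/URL requirement: remote code with no version pin or hash"))
        else:
            m = NAME_RE.match(line)
            if not m:
                findings.append((line, "unparseable requirement"))
                continue
            name, spec = m.group("name"), m.group("spec")
            if "==" not in spec:
                findings.append((name, "not pinned to an exact version (==)"))
            elif "--hash=sha256:" not in spec:
                findings.append((name, "pinned but no --hash; the exact artifact is not fixed"))
    return findings


def is_reproducible(text: str) -> bool:
    """True when the file would pass `pip install --require-hashes` style review."""
    return not audit_requirements(text)


if __name__ == "__main__":
    for req, problem in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{req}: {problem}")
    print("pinned sample ok:", is_reproducible(PINNED_REQUIREMENTS))
```

Once every entry carries a hash, installing with `pip install --require-hashes -r requirements.txt` makes pip refuse any package whose downloaded artifact does not match, which closes the gap between "the file lists versions" and "the install is the one that was reviewed". The remote `git clone ... && python app.py` step remains unreviewed code regardless, which is the first half of the recommendation.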

What this means

Users could over-trust the skill if they believe it is officially maintained when the reviewed metadata does not clearly establish that.

Why it was flagged

The SKILL.md presents an official-sounding author name, while the included skill.json lists a different author, creating provenance ambiguity.

Skill content
Author: OpenClaw Skills Team
Recommendation

Clarify the maintainer identity and source repository, and ensure SKILL.md and skill.json use consistent authorship information.