expense-note

v1.0.0

A simple tool for recording and tallying daily expenses, to help manage personal finances

by Mr.Yang @yangjinghua0127
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (simple personal expense tracker) matches the provided SKILL.md and the JavaScript implementation. Required capabilities (reading/writing a JSON file, basic statistics) are exactly what the code implements; no unrelated capabilities are requested.
Instruction Scope
SKILL.md instructs the agent to use Node.js and local JSON storage. The instructions and the code remain scoped to local CRUD and reporting operations on data/expenses.json; they do not read system-wide config, environment secrets, or send data externally.
Install Mechanism
There is no install spec (instruction-only), but the package includes a runnable Node.js script (expense-tracker.js). This is low-risk but means the agent (or user) must execute the JS with Node.js 16+; the script will create and write files under the skill's data/ directory.
Credentials
No environment variables, credentials, or external service tokens are requested. The code uses only Node.js built-in modules (fs, path), which is proportional to the stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent platform-wide privileges or modify other skills. It writes files only under its own data/ directory and exports functions for potential invocation—this is proportional for a local utility.
Assessment
This skill appears to do what it says: it runs with Node.js and stores data locally in data/expenses.json and exported report files. Before installing or running: (1) ensure you run it in a trusted, non-shared directory because it will create and modify files there; (2) back up or export any sensitive data you add (data is stored unencrypted JSON); (3) confirm Node.js 16+ is used; (4) if you need stronger privacy, consider adding encryption or moving storage to a secure location; (5) review the included expense-tracker.js if you want to verify behavior yourself. Autonomous invocation by the agent is allowed by default—this alone is not a red flag, but consider whether you want the agent to run the skill without prompting.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

💰 Clawdis
