ClawHub

ReceiptExtract - OCR, Photo/PDF to CSV

v1.0.1

Extract structured transaction data from image or PDF receipts using the ReceiptExtract API (https://www.receiptextract.com). Use when the user wants merchan...

0· 34·0 current·0 all-time
byYura Borunov@yborunov
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description match the included helper script and the documented API. One inconsistency: the registry metadata at top lists 'Required env vars: none', but both SKILL.md and scripts/extract_receipt.py require RECEIPTEXTRACT_API_TOKEN — the token is necessary and expected for this purpose.
Instruction Scope
SKILL.md instructions are narrowly focused: identify files, read API token from env, POST each file to the documented endpoint, and present JSON/CSV/summary output. Instructions explicitly warn not to paste tokens into chat and to avoid committing secrets. The skill does not instruct reading unrelated files or other environment variables.
Install Mechanism
No install spec; included helper is a plain Python script. No downloads from arbitrary URLs, no package installs, and no extract/write-to-disk installer steps — low install risk.
Credentials
The single required secret (RECEIPTEXTRACT_API_TOKEN) is proportional to the service integration. However, the registry metadata failing to declare the required env var is an incoherence that could confuse users. Also, note that providing the token and running the script causes potentially sensitive receipt contents to be transmitted to the third-party API — this is expected but privacy-relevant.
Persistence & Privilege
The skill does not request persistent or elevated privileges (always:false, no config paths, no modification of other skills). It runs as a helper script invoked by the agent; autonomous invocation defaults are unchanged.
Assessment
This skill appears to do what it says: it uploads receipt files to receiptextract.com using an API token and returns parsed data. Before installing or using it: 1) fix the metadata mismatch—treat RECEIPTEXTRACT_API_TOKEN as required and store it in a secrets manager or environment variable (do not paste it into chat). 2) Be aware you are sending potentially sensitive financial/PII data to a third-party service—review ReceiptExtract's privacy/retention policy and test with non-sensitive receipts first. 3) Inspect scripts/extract_receipt.py locally (you already have it) and run on sample files to confirm behavior and error handling. 4) Verify cost/credits and handle failures (402/429/500) as described. If you need the skill to run offline or keep data local, this implementation is not appropriate because it uploads files externally.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e5sf70qx897t3m00dhfy1yn842yfm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments