ClawHub

Openclaw Skill

v1.0.0

AI-powered personal finance management system - track expenses, manage budgets, analyze spending patterns, and get smart financial recommendations

1· 291·1 current·1 all-time
byJustin Liu@zhenstaff
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the documented commands and features (transaction tracking, budgets, reports). The skill declares local JSON storage and Node.js/TypeScript runtime, and does not request unrelated credentials or system access.
Instruction Scope
SKILL.md instructs the agent to run a CLI (cfo) that reads/writes files under ~/openclaw-personal-cfo/data (or CFO_DATA_DIR). This file I/O is consistent with a finance tracker, but the instructions also recommend installing a third‑party npm package or cloning a GitHub repo — the registry entry itself contains no install artifact or code, so the runtime behavior depends on that external package.
Install Mechanism
The skill is instruction-only with no install spec in the registry. The README recommends 'npm install -g openclaw-personal-cfo' or cloning a GitHub repo (https://github.com/ZhenRobotics/openclaw-personal-cfo.git). Both are common distribution methods (npm/GitHub) but the registry provides no integrity or provenance metadata; users should verify the package/repo before installing.
Credentials
No required environment variables or credentials are declared. An optional CFO_DATA_DIR env var is documented to change the data directory — this is reasonable and proportional for a local storage tool.
Persistence & Privilege
The skill is not forced-always, is user-invocable, and does not request system-wide privileges or modify other skills. Data is stored under its own directory; that is expected for this purpose.
Assessment
This skill appears internally consistent for a local CLI-based finance tool, but it is instruction-only and points you to an external npm package and GitHub repository (no code shipped in the registry). Before installing or running the CLI: 1) verify the npm package name and maintainer and review the GitHub repo source and recent activity; 2) avoid blind global installs — prefer inspecting code first or installing in an isolated environment/container; 3) consider setting CFO_DATA_DIR to a controlled directory and back up/export your financial data; 4) check the package for any network calls or telemetry and whether it stores or transmits data off your machine; 5) ensure Node.js >=18 is acceptable for your environment. If you cannot review the external code, treat the install as higher risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk9733fm8rh7qjt8e1c2sfh57h182ewzb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments