Bill Tracker

by danielsimons1 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 685 · Stars: 0 · Active Installs: 1 · Versions: 1
Install in OpenClaw
/install bill-tracker
Description
Retrieve upcoming bills, account balances, and assess if you can afford a specified amount within a set time frame.
README (SKILL.md)

Bill Tracker Skill

When the user asks about their bills, account balances, or whether they can afford something, use the bash tool to call the Bill Tracker API.

Required environment

  • BILL_TRACKER_URL - Base URL (e.g. https://your-server.com or http://localhost:1337)
  • BILL_TRACKER_SESSION_TOKEN - Session token for authentication (obtained once via POST /api/mcp/token)

Getting a session token

Bill Tracker uses magic-link auth (no passwords). Two steps:

  1. Request a verification code (sent to email):
curl -s -X POST -H "Content-Type: application/json" \
  -d '{"email":"[email protected]"}' \
  "${BILL_TRACKER_URL}/api/mcp/request-code"
  2. Exchange the code from your email for a session token:
curl -s -X POST -H "Content-Type: application/json" \
  -d '{"code":"123456"}' \
  "${BILL_TRACKER_URL}/api/mcp/token"

Store the returned sessionToken in BILL_TRACKER_SESSION_TOKEN. Tokens are long-lived; no need to re-verify on every request. (Codes expire in 10 minutes.)

Endpoints

1. Upcoming transactions (bills and income due soon)

POST ${BILL_TRACKER_URL}/api/mcp/upcoming-transactions
X-Parse-Session-Token: ${BILL_TRACKER_SESSION_TOKEN}
Body: { "days": 3 }

Default days is 3. Increase for a longer window (e.g. days=7).

2. Account balances

POST ${BILL_TRACKER_URL}/api/mcp/account-balances
X-Parse-Session-Token: ${BILL_TRACKER_SESSION_TOKEN}

Returns each account with name, type, balance, and a totalBalance (cash minus debt).

3. Can I afford X?

POST ${BILL_TRACKER_URL}/api/mcp/can-afford
X-Parse-Session-Token: ${BILL_TRACKER_SESSION_TOKEN}
Body: { "amount": 500, "horizonDays": 90 }

Replace 500 with the amount in dollars. horizonDays defaults to 90.

Returns either canAfford: true with the date they can afford it, or canAfford: false with a message.

How to call

Use curl with POST. Pass X-Parse-Session-Token (or Authorization: Bearer $BILL_TRACKER_SESSION_TOKEN) for authentication. The token identifies the user—no email or password needed. Parse the JSON response and summarize clearly for the user.

Example (upcoming transactions):

curl -s -X POST -H "X-Parse-Session-Token: $BILL_TRACKER_SESSION_TOKEN" -H "Content-Type: application/json" \
  -d '{"days": 3}' \
  "${BILL_TRACKER_URL}/api/mcp/upcoming-transactions"

Example (account balances):

curl -s -X POST -H "X-Parse-Session-Token: $BILL_TRACKER_SESSION_TOKEN" -H "Content-Type: application/json" \
  -d '{}' \
  "${BILL_TRACKER_URL}/api/mcp/account-balances"

Example (can afford):

curl -s -X POST -H "X-Parse-Session-Token: $BILL_TRACKER_SESSION_TOKEN" -H "Content-Type: application/json" \
  -d '{"amount": 500}' \
  "${BILL_TRACKER_URL}/api/mcp/can-afford"
Usage Guidance
This skill is coherent with its description, but before installing: ensure BILL_TRACKER_URL points to a trusted HTTPS endpoint you control or trust; keep BILL_TRACKER_SESSION_TOKEN secret and store it only in a secure environment (do not paste into public chats); prefer a dedicated read-only account or token if available; confirm token lifetime/permissions so compromise risk is limited; and be aware that the agent will use the token to call the API (autonomously when invoked). If you didn't expect to provide a session token or don't trust the service URL, do not install the skill.
Capability Analysis
Type: OpenClaw Skill · Name: bill-tracker · Version: 1.0.0
The skill is designed for legitimate financial tracking but presents a significant shell injection vulnerability. The `SKILL.md` instructs the AI agent to use the `bash` tool to construct `curl` commands, dynamically inserting user-provided values for parameters like `amount` and `days` into JSON payloads without explicit sanitization. This lack of sanitization guidance for the agent could allow a malicious user to inject arbitrary shell commands via prompt injection, leading to remote code execution.
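One way to close the gap described above is to have the agent call a fixed wrapper that validates `amount`, `days` and `horizonDays` before any value reaches a JSON body or a `curl` command line. The following is an added example, not part of the skill's SKILL.md; every `bt_*` function name is hypothetical, and the URL check goes slightly beyond the injection finding to cover the Usage Guidance advice about trusted HTTPS endpoints.

```shell
#!/bin/sh
# Added example, not part of SKILL.md. All bt_* names are hypothetical.

# days / horizonDays: plain positive integer, no leading zero, at most 4 digits.
bt_valid_days() {
  case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 4 ]
}

# amount: dollars as digits with an optional fraction of one or two digits.
bt_valid_amount() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*.*.*|0[0-9]*|*.???*) return 1 ;;
  esac
  [ "${#1}" -le 12 ]
}

# BILL_TRACKER_URL: https, or plain http only for localhost as in the README.
bt_valid_url() {
  case "$1" in
    *[!A-Za-z0-9.:/_-]*) return 1 ;;
    https://?*|http://localhost|http://localhost:*|http://localhost/*) return 0 ;;
  esac
  return 1
}

# Emit the JSON body only when every field passed validation.
bt_payload_upcoming() {
  days=${1:-3}
  bt_valid_days "$days" || return 1
  printf '{"days": %s}' "$days"
}

bt_payload_can_afford() {
  amount=$1 horizon=${2:-90}
  bt_valid_amount "$amount" && bt_valid_days "$horizon" || return 1
  printf '{"amount": %s, "horizonDays": %s}' "$amount" "$horizon"
}

# usage: bt_call can-afford "$(bt_payload_can_afford 500)"
bt_call() {
  bt_valid_url "$BILL_TRACKER_URL" || { echo "untrusted BILL_TRACKER_URL" >&2; return 1; }
  case "$1" in
    upcoming-transactions|account-balances|can-afford) ;;
    *) echo "unknown endpoint: $1" >&2; return 1 ;;
  esac
  [ -n "$2" ] || { echo "payload rejected" >&2; return 1; }
  curl -s -X POST -H "X-Parse-Session-Token: $BILL_TRACKER_SESSION_TOKEN" \
    -H "Content-Type: application/json" -d "$2" "${BILL_TRACKER_URL}/api/mcp/$1"
}
```

Because the payload builders print nothing when validation fails, a rejected value reaches `bt_call` as an empty string and the request is never sent.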
Capability Assessment
Purpose & Capability
Name/description (retrieve upcoming bills, balances, affordability) match the declared environment variables (BILL_TRACKER_URL and BILL_TRACKER_SESSION_TOKEN) and the endpoints documented in SKILL.md. Requiring a session token and base URL is expected for an API-only bill-tracking integration.
Instruction Scope
SKILL.md restricts actions to making POST calls to the Bill Tracker API (curl via bash), parsing JSON, and summarizing results. It does not instruct reading unrelated files, accessing other environment variables, or transmitting data to third-party endpoints.
Install Mechanism
There is no install spec and no code files; this is instruction-only. That minimizes the risk of arbitrary code being written or executed on disk.
Credentials
Only two environment variables are required: the service base URL and a session token (primary credential). Both are directly justified by the skill's purpose. No unrelated secrets or broad cloud credentials are requested.
Persistence & Privilege
always:false (normal). disable-model-invocation:false means the agent may call the skill autonomously, which is the platform default; this is not a red flag by itself but you should be aware the agent can issue API calls using the provided session token when invoked.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install bill-tracker
  3. After installation, invoke the skill by name or use /bill-tracker
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of Bill Tracker skill.
- Provides access to upcoming bills, account balances, and affordability checks via the Bill Tracker API.
- Requires environment variables: BILL_TRACKER_URL and BILL_TRACKER_SESSION_TOKEN.
- Supports authentication via magic-link email flow.
- Details three main API endpoints: upcoming transactions, account balances, and affordability analysis.
Metadata
Slug bill-tracker
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Bill Tracker?

Bill Tracker retrieves upcoming bills and account balances, and assesses whether you can afford a specified amount within a set time frame. It is an AI Agent Skill for Claude Code / OpenClaw, with 685 downloads so far.

How do I install Bill Tracker?

Run "/install bill-tracker" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Bill Tracker free?

Yes, Bill Tracker is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Bill Tracker support?

Bill Tracker is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Bill Tracker?

It is built and maintained by danielsimons1 (@danielsimons1); the current version is v1.0.0.
