Downloads: 105 | Stars: 0 | Active Installs: 0 | Versions: 2
Install in OpenClaw: /install spend-ledger
Description
Tamper-evident payment ledger for autonomous agents — auto-detects payments across all tools, prevents duplicate payments, and presents full spending history.
Usage Guidance
This package appears to do what it says: it inspects tool calls/results, logs transactions to a local tamper-evident JSONL ledger, and offers a localhost dashboard. Before installing or enabling it, consider:
1) Network sync: by default it GETs patterns from https://api.spend-ledger.com daily and can POST opt-in pattern submissions that include a hashed install identifier; disable this by creating data/config.json with "sync_community_patterns": false if you want fully offline operation.
2) Local files: it creates data/transactions.jsonl and data/install-id.json (both written with 0600 mode). If you are concerned about fingerprinting, note that the install-id UUID is stored locally and its SHA-256 is sent on opt-in submissions.
3) Hook privileges: the plugin inspects all tool calls and can block duplicate payments in-session — this is necessary for its function but means it has the ability to deny tool calls; review the code if you want stricter behavior.
4) Review the PATTERNS_URL env var if you want to point pattern sync to an internal mirror; otherwise it will use the public api.spend-ledger.com.
If you need more assurance, you can audit server/server.js and transactions.js (not fully shown here) for any additional network calls or unexpected data leaks, run it in a restricted environment, or disable community sync and keep the dashboard offline (it binds to 127.0.0.1).
Capability Analysis
Type: OpenClaw Skill
Name: spend-ledger
Version: 0.4.0
The skill contains a code injection vulnerability in 'scripts/query-log.sh' and 'scripts/log-transaction.sh' due to unsafe string interpolation of shell variables into 'node -e' JavaScript commands. A maliciously crafted argument (e.g., a date or service name containing single quotes) could break out of the JS string literal and execute arbitrary code. While the skill implements several high-quality security features—including localhost-only binding, the absence of CORS headers to prevent cross-origin data theft, and automated query parameter stripping to protect API keys—the injection flaw remains a risk. The skill also performs daily outbound network requests to 'api.spend-ledger.com' to synchronize payment detection patterns.
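The interpolation flaw above is avoidable with two defences: allow-list validation of each argument, and passing values to node through the environment instead of splicing them into the JavaScript source. The script below is an added example written for this page, not the project's own scripts/query-log.sh; the ledger path default and the record fields `date` and `service` are assumptions.

```shell
#!/bin/sh
# Added example (not the project's own scripts/query-log.sh): a query helper that
# never interpolates caller input into the JavaScript passed to `node -e`.
# Defence 1: allow-list validation of each argument.
# Defence 2: hand the values to node via the environment, so a quote in an
# argument cannot terminate the JS string literal it would otherwise sit in.

# Assumed ledger location; the project writes data/transactions.jsonl.
LEDGER="${LEDGER:-data/transactions.jsonl}"

# Accept only ISO dates of the form YYYY-MM-DD. Returns 0 if valid, 1 otherwise.
valid_date() {
  case "$1" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# Accept only non-empty service names made of letters, digits, '.', '_' and '-'.
# Quotes, backticks, newlines and other shell/JS metacharacters are rejected.
valid_service() {
  [ -n "$1" ] || return 1
  case "$1" in
    *[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print ledger lines for one day and service. The JS source is a fixed literal;
# node reads the (already validated) values from process.env. The record fields
# `date` and `service` are assumed here, not taken from the project's schema.
query_log() {
  valid_date "$1" || { echo "query-log: rejected date: $1" >&2; return 2; }
  valid_service "$2" || { echo "query-log: rejected service: $2" >&2; return 2; }
  QDATE="$1" QSERVICE="$2" LEDGER="$LEDGER" node -e '
    const fs = require("fs");
    const { QDATE, QSERVICE, LEDGER } = process.env;
    if (!fs.existsSync(LEDGER)) process.exit(0);
    for (const line of fs.readFileSync(LEDGER, "utf8").split("\n")) {
      if (!line.trim()) continue;
      const tx = JSON.parse(line);
      if (tx.date === QDATE && tx.service === QSERVICE) console.log(line);
    }
  '
}

# Usage when run directly: sh query-log.sh 2024-01-31 example-api
if [ "$#" -eq 2 ]; then query_log "$1" "$2"; fi
```

An argument containing a stray quote is rejected before node is ever started, and even if validation were loosened, the value would only ever reach the script as a process.env string.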
Capability Assessment
Purpose & Capability
The skill is a payment-detection/ledger. It requires node and registers before_tool_call and tool_result_persist hooks so it can detect payments and prevent duplicates; that access to tool call params/results and a local ledger file is necessary for the stated purpose. The included scripts (log/query/dashboard) and server code match the description. No unrelated credentials or unusual binaries are required.
Instruction Scope
SKILL.md and README instruct the agent to read and query the local JSONL ledger (data/transactions.jsonl) and to use provided scripts; they also describe the intercept/blocking behavior. The instructions do not ask the agent to read unrelated system files or credentials. The skill does observe all tool call params/results (which is required) — that gives it broad visibility into tool outputs, but this is consistent with its purpose.
Install Mechanism
There is no external download/install step in the manifest. The package contains source files and a package.json with no npm dependencies. No install action pulls code from untrusted URLs or uses URL shorteners. The only network operation in code is fetching community patterns from api.spend-ledger.com (GET) and an opt-in pattern submit (POST).
Credentials
The skill does not require environment variables or credentials by default. It exposes optional environment variables (SPEND_LEDGER_API_URL, PATTERNS_URL, SPEND_LEDGER_CONFIG, etc.) which are reasonable for configurability. One privacy note: the skill creates a per-install UUID at data/install-id.json and uses a SHA-256 of it (submitter_hash) when submitting patterns — this can be used to identify installs in submissions (though the raw UUID is stored locally with 0600 permissions). Pattern sync is enabled by default but can be disabled in data/config.json.
Persistence & Privilege
The skill registers runtime hooks that inspect tool calls and can block duplicate payments within a session — this is high-privilege behavior but required by the stated duplicate-prevention feature. The manifest sets always:false (the skill is not force-included) and model invocation is normal. The skill writes only to its own data directory (transactions, cached patterns, install-id) with restrictive file modes (0600) per its docs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install spend-ledger
- After installation, invoke the skill by name or use /spend-ledger
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.4.0
Security fixes: remove wildcard CORS from dashboard server (prevented cross-origin transaction data reads); strip query params from service.url before storage (prevents accidental capture of API keys in URLs); add sync_community_patterns config option to disable automatic pattern download; fix 'full arguments never stored' documentation inaccuracy
v0.3.0
exec-wrapped payment detection, detectCryptoWallet, duplicate prevention improvements
Frequently Asked Questions
What is Spend Ledger?
Tamper-evident payment ledger for autonomous agents — auto-detects payments across all tools, prevents duplicate payments, and presents full spending history. It is an AI Agent Skill for Claude Code / OpenClaw, with 105 downloads so far.
How do I install Spend Ledger?
Run "/install spend-ledger" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Spend Ledger free?
Yes, Spend Ledger is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Spend Ledger support?
Spend Ledger is cross-platform and runs anywhere OpenClaw / Claude Code is available (macOS, Linux).
Who created Spend Ledger?
It is built and maintained by mattpolly (@mattpolly); the current version is v0.4.0.