Farmos Finance

by brianppetty · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 906 · Stars: 0 · Active Installs: 6 · Versions: 1
Install in OpenClaw: /install farmos-finance
Description
Query farm financial data — cash flow projections, cost tracking, breakeven analysis. Requires admin authentication. Highly sensitive data.
README (SKILL.md)

FarmOS Finance

Forward-looking cash flow planning and cost management. Projects future cash flows based on planned costs and expected revenue.

Data Completeness

  1. Always state totals when reporting financial data: "Total operating costs: $892,000 across 12 categories."
  2. Cash flow projections combine multiple sources. If the marketing revenue side fails, say so — don't present costs without revenue as a complete picture.
  3. If an endpoint returns an error, report the failure to the user rather than presenting partial financial data. Partial financial data is worse than no data.
  4. For cost item listings, use /api/cost-items with crop_year — this returns all items without pagination.

When This Skill Triggers

  • "What's our cash flow look like?"
  • "Cost per acre this year?"
  • "Breakeven price for corn?"
  • "Monthly expense projection"
  • "Show cost categories"
  • "What are our biggest expenses?"

Authentication

ADMIN ONLY. This skill accesses sensitive financial data. Always use admin-level auth.

TOKEN=$(~/clawd/scripts/farmos-auth.sh admin)

Role mapping: Check ~/.clawdbot/farmos-users.json. If the sender is not admin, respond: "Financial data is restricted to farm owners. I can't access that for your account."

API Base

http://100.102.77.110:8010

Integration Endpoints (No Auth — if AI access toggle is enabled)

Cost Summary

GET /api/integration/summary?crop_year=2025

Returns: Total costs by category for the crop year.

Cash Flow (Simplified)

GET /api/integration/cash-flow-simple?crop_year=2025

Returns: Monthly outflow projections.

Breakeven Analysis

GET /api/integration/breakeven?crop_year=2025

Returns: Cost per acre and cost per bushel by crop and entity. This tells you the minimum price needed to cover costs.

Authenticated Endpoints (JWT Required)

Cost Categories

GET /api/categories
Authorization: Bearer {token}

Returns: Cost category definitions (fertilizer, seed, chemicals, fuel, insurance, etc.)

Cost Items

GET /api/cost-items?crop_year=2025
Authorization: Bearer {token}

Returns: Individual cost line items with amounts, timing, entity allocation.

Cash Flow Projection (Full)

GET /api/cash-flow/projection?crop_year=2025
Authorization: Bearer {token}

Returns: Complete monthly cash flow with costs AND revenue (from Marketing module). Shows when money goes out and comes in.

Cash Flow Summary

GET /api/cash-flow/summary?crop_year=2025
Authorization: Bearer {token}

Returns: Summarized by category and month.

Key Concepts

  • Cost categories: Per-unit (fertilizer, seed — calculated from rate x acres) vs annual totals (insurance, labor).
  • Timing: Costs are assigned to specific months. Multiple months = split evenly.
  • Entity allocation: Costs can be assigned to one entity, split across all by crop acres, or manually allocated.
  • Breakeven: Total costs / expected bushels = minimum price per bushel to cover costs.

Usage Notes

  • Always specify crop_year parameter.
  • Breakeven is the most-asked question — answer it quickly and clearly.
  • Cash flow projection combines costs (this module) with revenue (marketing module).
  • NEVER share financial data with non-admin users. This includes cost per acre, breakeven, cash flow, or any cost details.
Usage Guidance
This skill's SKILL.md tells the agent to run a local auth script and read a role file in your home directory and to call an internal IP API, but the published metadata doesn't declare those file/script requirements. That mismatch is risky because the agent could execute local code and access sensitive financial data using admin credentials. Before enabling:
  1. Verify the existence, source, and safety of ~/clawd/scripts/farmos-auth.sh and ~/.clawdbot/farmos-users.json — do not enable the skill unless you trust them.
  2. Prefer the developer to update the manifest to declare required config paths and any env vars.
  3. Restrict autonomous invocation (or require manual approval) so the agent cannot fetch admin data without your explicit action.
  4. Confirm the internal IP (100.102.77.110) is a known, trusted host on your network and not an unknown endpoint.
If you cannot verify these points, do not install or grant it admin-level access.
Capability Analysis
Type: OpenClaw Skill
Name: farmos-finance
Version: 1.0.0
The skill is classified as suspicious due to several risky capabilities and documented vulnerabilities. It instructs the agent to execute a shell command (`~/clawd/scripts/farmos-auth.sh`) for authentication, which introduces a potential remote code execution risk if the external script or its environment is compromised. Additionally, it instructs the agent to read a local file (`~/.clawdbot/farmos-users.json`) for role mapping, demonstrating a capability that could be abused for unauthorized file access via prompt injection. Most critically, the `SKILL.md` explicitly documents 'Integration Endpoints' (e.g., `http://100.102.77.110:8010/api/integration/summary`) that provide access to sensitive financial data *without authentication* if an 'AI access toggle' is enabled, representing a severe vulnerability in the backend API design that the agent could leverage.
Capability Assessment
Purpose & Capability
The name/description (farm financial queries) matches the documented endpoints, but the SKILL.md requires access to a local auth script (~/clawd/scripts/farmos-auth.sh) and a local role file (~/.clawdbot/farmos-users.json) which are not declared in the skill metadata. The skill also points at a raw IP (http://100.102.77.110:8010) rather than an official hostname. These local paths and internal-host usage are outside what the manifest lists and are unexpected for a simple query skill.
Instruction Scope
The runtime instructions direct the agent to execute a local script to obtain an admin token and to read a local user-role JSON file to enforce admin-only access. That means the agent must run code and read files in the user's home directory and call an internal IP API. The instructions also imply elevated privilege (admin tokens) and conditional unauthenticated access ('No Auth — if AI access toggle is enabled'), which is vague and broadens what the agent may do.
Install Mechanism
There is no install spec and no code files — the skill is instruction-only, so nothing will be written to disk by the skill package itself. This is the lowest install risk, but it increases the importance of the instructions' external actions.
Credentials
The manifest declares no required env vars or config paths, yet the SKILL.md depends on a local auth helper script and a specific role-mapping file in the user's home. It also mandates use of admin-level credentials (JWT). Requesting admin JWTs and reading home-directory files is high privilege and is not justified in the manifest.
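An added example, not part of the listing or the skill's own code: a small audit that extracts the local scripts, home-directory paths and hosts a SKILL.md names and reports any the manifest does not declare, which is the mismatch described above. The manifest shape (`config_paths`, `scripts`, `hosts`) is a hypothetical one assumed for illustration, and the embedded excerpt is constructed from the lines quoted on this page.

```python
import ipaddress
import re

# Constructed excerpt of the SKILL.md lines quoted on this page.
SKILL_MD = """\
TOKEN=$(~/clawd/scripts/farmos-auth.sh admin)
Role mapping: Check ~/.clawdbot/farmos-users.json.
API Base
http://100.102.77.110:8010
GET /api/integration/summary?crop_year=2025
"""

# Hypothetical manifest shape (assumption): lists of declared resources.
EMPTY_MANIFEST = {"config_paths": [], "scripts": [], "hosts": []}

HOME_PATH = re.compile(r"~/[\w./-]*\w")    # paths under the home directory
CMD_SUBST = re.compile(r"\$\(\s*(\S+)")    # program run inside $(...)
URL_HOST = re.compile(r"https?://([^/\s:]+)")


def extract_references(text):
    """Collect the scripts, home-directory paths and hosts the instructions name."""
    scripts = set(CMD_SUBST.findall(text))
    paths = set(HOME_PATH.findall(text)) - scripts
    hosts = set(URL_HOST.findall(text))
    return {"scripts": scripts, "config_paths": paths, "hosts": hosts}


def is_raw_ip(host):
    """True when the endpoint is an IP literal rather than a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit(text, manifest):
    """Return findings for anything referenced in the text but not declared."""
    findings = []
    refs = extract_references(text)
    for kind, values in refs.items():
        for value in sorted(values - set(manifest.get(kind, []))):
            findings.append(f"undeclared {kind}: {value}")
    for host in sorted(refs["hosts"]):
        if is_raw_ip(host):
            findings.append(f"raw IP endpoint: {host}")
    return findings
```

Running `audit(SKILL_MD, EMPTY_MANIFEST)` reports the script, the role file and the host as undeclared; a manifest that declares all three still leaves the raw-IP finding for manual review.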
Persistence & Privilege
The skill is not marked always:true and does not request to modify system or other skills. However, because it requires admin tokens and local file/script access, autonomous invocation (the default platform behavior) would let the agent fetch highly sensitive financial data without additional checks unless you restrict invocation. This combination increases risk even though 'always' is false.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install farmos-finance
  3. After installation, invoke the skill by name or use /farmos-finance
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of farmos-finance skill for secure farm financial queries.
  • Provides admin-only access to cost tracking, cash flow projection, and breakeven analysis.
  • Enforces strict reporting: totals must always be stated and revenue side failures must be disclosed.
  • API endpoints for summary, line items, breakeven, and full authenticated cash flow reporting.
  • Includes entity-based cost allocations, category definitions, and monthly timing of costs.
  • Financial data is strictly restricted to farm owners (admin authentication required).
Metadata
Slug farmos-finance
Version 1.0.0
License
All-time Installs 6
Active Installs 6
Total Versions 1
Frequently Asked Questions

What is Farmos Finance?

Query farm financial data — cash flow projections, cost tracking, breakeven analysis. Requires admin authentication. Highly sensitive data. It is an AI Agent Skill for Claude Code / OpenClaw, with 906 downloads so far.

How do I install Farmos Finance?

Run "/install farmos-finance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Farmos Finance free?

Yes, Farmos Finance is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Farmos Finance support?

Farmos Finance is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Farmos Finance?

It is built and maintained by brianppetty (@brianppetty); the current version is v1.0.0.
