← Back to Skills Marketplace

Receipt Tracker

Name: Receipt Tracker
Author: nick4man

by Sergei Shibanov · GitHub ↗ · v1.1.0 · MIT-0

cross-platform ⚠ suspicious

293

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install receipt-tracker

Description

Распознает фотографии чеков, разбивает расходы по категориям (продукты, заправка, аптека, такси, животные и др.) и сохраняет их в базу (expenses.csv). Генери...

Usage Guidance

Do not install or enable this skill until you validate its origin and the purpose of nc_worker.py. Specific actions to consider: - Ask the author why a Nextcloud scanner and hard-coded credentials are included; require removal of any embedded secrets and moving credentials to environment variables if remote access is truly needed. - If you only want chat-uploaded receipts saved to local CSV, remove nc_worker.py before use or inspect/replace it with audited code that only performs the documented steps. - Treat the embedded Nextcloud credentials as sensitive: rotate/change them if they are real and were used elsewhere. - If you accept remote-Nextcloud functionality, insist on secure configuration (no hardcoded passwords, explicit requires.env entries, host allowlist) and an explanation of what files/folders the skill will access. - Because the skill can run exec/python per SKILL.md, audit any runtime behavior and avoid granting it access to sensitive system areas. If you are unsure, do not enable autonomous invocation until you have reviewed/modified the code.

Capability Analysis

Type: OpenClaw Skill Name: receipt-tracker Version: 1.1.0 The skill bundle contains hardcoded plaintext credentials (username and password) for a Nextcloud instance within the `nc_worker.py` file. While the core logic in `SKILL.md` for receipt tracking and OCR via Gemini appears benign and functional, the inclusion of static credentials and an internal network URL (http://fedora:8082) represents a significant security risk and poor practice, though no clear evidence of intentional data exfiltration or malicious behavior was identified.

Capability Assessment

⚠ Purpose & Capability

The README/ SKILL.md describes handling user-uploaded receipt images via an OpenClaw subagent and saving results to a local CSV. However, the repository also contains nc_worker.py which implements (or intends to) a Nextcloud scanner: it points to an internal URL, a Nextcloud folder, and embeds a username/password. The SKILL.md does not mention any Nextcloud integration or the need for remote file access, so the code's presence and embedded credentials are not coherent with the stated purpose.

ℹ Instruction Scope

The SKILL.md instructs the agent to spawn a subagent (sessions_spawn) using model 'gemini-2.5-flash', accept uploaded file paths, run OCR/analysis, and read/write the CSV at /opt/.openclaw/.../expenses.csv. Those instructions are generally in-scope for a receipt tracker, but they explicitly permit running exec/bash/python and reading/writing the agent workspace. That is expected for a local tracker but grants the skill the ability to run arbitrary local commands — a user should confirm this is acceptable.

✓ Install Mechanism

There is no install spec (instruction-only skill plus a small helper script). This is the lowest install-risk category because nothing is automatically downloaded or installed during skill activation.

⚠ Credentials

The skill declares no required environment variables, yet nc_worker.py contains hard-coded Nextcloud credentials (USER and PASS) and a network host (http://fedora:8082/remote.php/dav). Requesting or embedding network credentials that are unrelated to the SKILL.md workflow is disproportionate. If the Nextcloud integration is intended, credentials should be declared explicitly and provided securely (not embedded in code); if not, the file is extraneous and risky.

✓ Persistence & Privilege

The skill does not request always:true and does not modify other skills' configs. It writes to a CSV in the agent workspace, which aligns with its stated behavior. Autonomous invocation is allowed (default) but not by itself a reason to block.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install receipt-tracker
After installation, invoke the skill by name or use /receipt-tracker
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.1.0

Added Nextcloud WebDAV worker support (nc_worker.py)

Metadata

Slug receipt-tracker

Version 1.1.0

License MIT-0

All-time Installs 1

Active Installs 1

Total Versions 1

Frequently Asked Questions

What is Receipt Tracker?

Распознает фотографии чеков, разбивает расходы по категориям (продукты, заправка, аптека, такси, животные и др.) и сохраняет их в базу (expenses.csv). Генери... It is an AI Agent Skill for Claude Code / OpenClaw, with 293 downloads so far.

How do I install Receipt Tracker?

Run "/install receipt-tracker" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Receipt Tracker free?

Yes, Receipt Tracker is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Receipt Tracker support?

Receipt Tracker is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Receipt Tracker?

It is built and maintained by Sergei Shibanov (@nick4man); the current version is v1.1.0.

More Skills