
Bill Tracker

Author: danielsimons1 · v1.0.0
Tags: cross-platform, ⚠ suspicious
Total downloads: 685
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install bill-tracker
Description
Retrieve upcoming bills, account balances, and assess if you can afford a specified amount within a set time frame.
Usage instructions (SKILL.md)

Bill Tracker Skill

When the user asks about their bills, account balances, or whether they can afford something, use the bash tool to call the Bill Tracker API.

Required environment

  • BILL_TRACKER_URL - Base URL (e.g. https://your-server.com or http://localhost:1337)
  • BILL_TRACKER_SESSION_TOKEN - Session token for authentication (obtained once via POST /api/mcp/token)

Getting a session token

Bill Tracker uses magic-link auth (no passwords). Two steps:

  1. Request a verification code (sent to email):
curl -s -X POST -H "Content-Type: application/json" \
  -d '{"email":"user@example.com"}' \
  "${BILL_TRACKER_URL}/api/mcp/request-code"
  2. Exchange the code from your email for a session token:
curl -s -X POST -H "Content-Type: application/json" \
  -d '{"code":"123456"}' \
  "${BILL_TRACKER_URL}/api/mcp/token"

Store the returned sessionToken in BILL_TRACKER_SESSION_TOKEN. Tokens are long-lived; no need to re-verify on every request. (Codes expire in 10 minutes.)

Endpoints

1. Upcoming transactions (bills and income due soon)

POST ${BILL_TRACKER_URL}/api/mcp/upcoming-transactions
X-Parse-Session-Token: ${BILL_TRACKER_SESSION_TOKEN}
Body: { "days": 3 }

Default days is 3. Increase for a longer window (e.g. days=7).

2. Account balances

POST ${BILL_TRACKER_URL}/api/mcp/account-balances
X-Parse-Session-Token: ${BILL_TRACKER_SESSION_TOKEN}

Returns each account with name, type, balance, and a totalBalance (cash minus debt).

3. Can I afford X?

POST ${BILL_TRACKER_URL}/api/mcp/can-afford
X-Parse-Session-Token: ${BILL_TRACKER_SESSION_TOKEN}
Body: { "amount": 500, "horizonDays": 90 }

Replace 500 with the amount in dollars. horizonDays defaults to 90.

Returns either canAfford: true with the date they can afford it, or canAfford: false with a message.

How to call

Use curl with POST. Pass X-Parse-Session-Token (or Authorization: Bearer $BILL_TRACKER_SESSION_TOKEN) for authentication. The token identifies the user—no email or password needed. Parse the JSON response and summarize clearly for the user.

Example (upcoming transactions):

curl -s -X POST -H "X-Parse-Session-Token: $BILL_TRACKER_SESSION_TOKEN" -H "Content-Type: application/json" \
  -d '{"days": 3}' \
  "${BILL_TRACKER_URL}/api/mcp/upcoming-transactions"

Example (account balances):

curl -s -X POST -H "X-Parse-Session-Token: $BILL_TRACKER_SESSION_TOKEN" -H "Content-Type: application/json" \
  -d '{}' \
  "${BILL_TRACKER_URL}/api/mcp/account-balances"

Example (can afford):

curl -s -X POST -H "X-Parse-Session-Token: $BILL_TRACKER_SESSION_TOKEN" -H "Content-Type: application/json" \
  -d '{"amount": 500}' \
  "${BILL_TRACKER_URL}/api/mcp/can-afford"
Safe-use recommendations
This skill is coherent with its description, but before installing: ensure BILL_TRACKER_URL points to a trusted HTTPS endpoint you control or trust; keep BILL_TRACKER_SESSION_TOKEN secret and store it only in a secure environment (do not paste into public chats); prefer a dedicated read-only account or token if available; confirm token lifetime/permissions so compromise risk is limited; and be aware that the agent will use the token to call the API (autonomously when invoked). If you didn't expect to provide a session token or don't trust the service URL, do not install the skill.
Functional analysis
Type: OpenClaw Skill
Name: bill-tracker
Version: 1.0.0
The skill is designed for legitimate financial tracking but presents a significant shell injection vulnerability. The `SKILL.md` instructs the AI agent to use the `bash` tool to construct `curl` commands, dynamically inserting user-provided values for parameters like `amount` and `days` into JSON payloads without explicit sanitization. This lack of sanitization guidance for the agent could allow a malicious user to inject arbitrary shell commands via prompt injection, leading to remote code execution.
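The sanitization gap described above can be closed by checking `amount`, `days` and `horizonDays` against a strict numeric pattern before they are placed in a JSON body. The shell functions below are an added example, not part of the skill or the Bill Tracker project; the function names and digit limits are assumptions.

```sh
# Added example: strict numeric checks before a value reaches a JSON body.
# Function names and digit limits are assumptions, not part of the skill.

is_digits() {        # non-empty, ASCII digits only
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
}

is_json_int() {      # digits, at most 9, no leading zero (invalid in JSON)
  is_digits "$1" || return 1
  [ "${#1}" -le 9 ] || return 1
  case "$1" in 0?*) return 1 ;; esac
}

is_amount() {        # dollars with optional 1-2 digit cents: 500, 12.50
  _int=${1%%.*}
  case "$1" in *.*) _frac=${1#*.} ;; *) _frac=0 ;; esac
  is_json_int "$_int" && is_digits "$_frac" && [ "${#_frac}" -le 2 ]
}

upcoming_body() {    # $1 = days (default 3, as in SKILL.md)
  set -- "${1:-3}"
  is_json_int "$1" || return 1
  printf '{"days": %s}' "$1"
}

can_afford_body() {  # $1 = amount, $2 = horizonDays (default 90)
  set -- "${1:-}" "${2:-90}"
  is_amount "$1" && is_json_int "$2" || return 1
  printf '{"amount": %s, "horizonDays": %s}' "$1" "$2"
}

bt_post() {          # $1 = endpoint name, $2 = body built by a function above
  printf '%s' "$2" | curl -s --fail -X POST \
    -H "X-Parse-Session-Token: ${BILL_TRACKER_SESSION_TOKEN}" \
    -H "Content-Type: application/json" \
    --data-binary @- "${BILL_TRACKER_URL}/api/mcp/$1"
}

# Offline demo on constructed input: prints the body, makes no request.
can_afford_body 12.50 30 && echo
```

The checks only help if each value reaches the function as a single quoted argument; an agent or wrapper that composes the bash command line itself should apply the same pattern before composing it.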
Capability assessment
Purpose & Capability
Name/description (retrieve upcoming bills, balances, affordability) match the declared environment variables (BILL_TRACKER_URL and BILL_TRACKER_SESSION_TOKEN) and the endpoints documented in SKILL.md. Requiring a session token and base URL is expected for an API-only bill-tracking integration.
Instruction Scope
SKILL.md restricts actions to making POST calls to the Bill Tracker API (curl via bash), parsing JSON, and summarizing results. It does not instruct reading unrelated files, accessing other environment variables, or transmitting data to third-party endpoints.
Install Mechanism
There is no install spec and no code files; this is instruction-only. That minimizes the risk of arbitrary code being written or executed on disk.
Credentials
Only two environment variables are required: the service base URL and a session token (primary credential). Both are directly justified by the skill's purpose. No unrelated secrets or broad cloud credentials are requested.
Persistence & Privilege
always:false (normal). disable-model-invocation:false means the agent may call the skill autonomously, which is the platform default; this is not a red flag by itself but you should be aware the agent can issue API calls using the provided session token when invoked.
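How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install bill-tracker
  3. Once installed, invoke the Skill by name or trigger it with /bill-tracker
  4. Provide the required inputs according to the Skill's parameter description to get structured output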
Version history
v1.0.0
  • Initial release of Bill Tracker skill.
  • Provides access to upcoming bills, account balances, and affordability checks via the Bill Tracker API.
  • Requires environment variables: BILL_TRACKER_URL and BILL_TRACKER_SESSION_TOKEN.
  • Supports authentication via magic-link email flow.
  • Details three main API endpoints: upcoming transactions, account balances, and affordability analysis.
Metadata
Slug: bill-tracker
Version: 1.0.0
License
Total installs: 1
Current installs: 1
Historical versions: 1
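Frequently asked questions

What is Bill Tracker?

Retrieve upcoming bills, account balances, and assess if you can afford a specified amount within a set time frame. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 685 total downloads to date.

How do I install Bill Tracker?

Run the command "/install bill-tracker" in the OpenClaw or Claude Code chat box for one-step installation; no additional configuration is required.

Is Bill Tracker free?

Yes, Bill Tracker is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Bill Tracker support?

Bill Tracker is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Bill Tracker?

It is developed and maintained by danielsimons1 (@danielsimons1); the current version is v1.0.0.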
