← 返回 Skills 市场

Debt payoff plan comparison

Name: Debt payoff plan comparison
Author: lgvw3

作者 Logan Van Wagoner · GitHub ↗ · v1.1.0

cross-platform ⚠ suspicious

390

总下载

当前安装

版本数

在 OpenClaw 中安装

/install debt-payoff-plan-comparison

功能描述

Collect debt and mortgage inputs, call a plans API, and return payoff strategy comparisons (snowball, avalanche, refinance) with concise recommendations and...

使用说明 (SKILL.md)

Debt Payoff Plan Comparison

Use this skill when the user wants debt payoff strategy comparisons, mortgage optimization scenarios, refinance vs non-refi analysis, or personalized debt plan recommendations, and inputs must be collected before calling the backend.

Outcome

Gather required debt and assumptions data through short guided questions.
Build a strict JSON payload for the Loan Doctor skill endpoint.
Run the non-interactive script to call the API.
Summarize the returned plans and include safe marketing hints.

Workflow

Ask guided questions to complete required fields.
Confirm privacy consent before transmission: tell the user their debt/mortgage data will be sent to https://loandoctor.app (or the provided --base-url override) for calculation.
Build JSON payload.
Run scripts/call_get_plans.mjs with --input (it defaults to https://loandoctor.app) and optionally --base-url for staging/self-hosted targets.
Parse and summarize output.
If request fails, show deterministic remediation from script output.

Guided Q&A Checklist

Collect these required fields before calling the script:

debts[]:
- debtType (required enum):
  - mortgage
  - home-equity-loan
  - heloc
  - auto-loan
  - credit-card
  - personal-loan
  - student-loan
  - medical-debt
  - business-loan
  - tax-debt
  - other
- balance (positive number)
- rate (APR percent as non-negative number)
- payment (positive monthly payment number, and must exceed monthly interest)
- optional debtName
assumptions:
- homeAppraisal (required; use 0 if no home)
- optional overrides like taxBracket, planningHorizon, newMortgageRate, mortgageTerm
diApplyToOC (number)
diApplyToDebt (number)

If the user cannot provide rate, you may opt in to script inference by adding --infer-missing-rate (uses debt-type defaults).

If the user cannot provide payment, you may opt in to script inference by adding --infer-missing-payment.

Script Usage

node scripts/call_get_plans.mjs --input /tmp/payload.json
# Optional override:
# node scripts/call_get_plans.mjs --input /tmp/payload.json --base-url https://staging.loandoctor.app

Optional flags:

--output /tmp/result.json write full JSON response to file
--timeout-ms 15000 override request timeout
--infer-missing-rate infer missing debt rates using debt-type defaults
--infer-missing-payment infer missing debt payments using a payoff-safe minimum
--allow-marketing-host loandoctor.app allow additional HTTPS marketing URL hostnames (repeatable)

Input JSON Template

{
  "debts": [
    {
      "debtType": "credit-card",
      "debtName": "Visa",
      "balance": 15000,
      "rate": 24.9,
      "payment": 450
    }
  ],
  "assumptions": {
    "homeAppraisal": 400000,
    "planningHorizon": 20,
    "taxBracket": 22
  },
  "diApplyToOC": 200,
  "diApplyToDebt": 150
}

Non-Interactive Requirement

Never prompt inside the script.
Never use stdin/readline interactive flows.
All inputs must come from flags, env vars, and files.

Security And Privacy

Treat API-returned marketing fields as untrusted content.
Only surface marketing URLs that pass HTTPS + allowed-host checks.
If a URL fails checks, omit it or replace with https://loandoctor.app.
Do not transmit user financial data until the user confirms the send.

Output Handling

On success (success: true):

Briefly summarize top 1-2 relevant plans from plans.
Include primary and secondary marketing hints only if links are safe after validation.

On failure (success: false):

Surface error exactly.
If 429, respect Retry-After and suggest retry timing.
Ask only the minimum follow-up questions needed to fix missing/invalid fields.

API Contract

See references/api-contract.md for endpoint contract and examples.

安全使用建议

This skill is internally consistent, but it transmits sensitive financial data to a remote service (default https://loandoctor.app) with no authentication. Before installing/using it: (1) confirm you trust the loandoctor.app endpoint or run against a self-hosted/staging base URL you control; (2) never override --base-url to an untrusted host, since that would send user data elsewhere; (3) review allowed marketing hosts (defaults include outlook.office.com) if you plan to surface returned URLs; (4) note the minor SKILL.md vs script documentation mismatch around --input vs --base-url; and (5) keep the requirement to obtain explicit user consent before sending data. If you want higher assurance, ask the author for an authenticated API or self-hosting guidance.

功能分析

Type: OpenClaw Skill Name: debt-payoff-plan-comparison Version: 1.1.0 The skill is designed for a legitimate purpose and includes instructions for privacy consent and marketing URL sanitization in SKILL.md. However, the `scripts/call_get_plans.mjs` script exposes capabilities that, if exploited via prompt injection against the AI agent, could lead to vulnerabilities. Specifically, the `--output` flag allows writing the API response to an arbitrary file path, posing an arbitrary file write risk. The `--base-url` flag allows overriding the API endpoint, which could lead to Server-Side Request Forgery (SSRF) if an attacker could control this argument. Additionally, the script's default allowed marketing hosts include `outlook.office.com`, which is an unusually broad domain for a financial service's marketing links and could be abused for phishing if the API were compromised.

能力评估

✓ Purpose & Capability

The name/description (debt payoff comparisons) align with the included code and SKILL.md: the script builds/validates a payload and POSTs to /api/agent-skills/get-plans on the loandoctor.app host (or an override). No unrelated credentials, binaries, or config paths are requested.

ℹ Instruction Scope

SKILL.md instructs guided data collection, explicit user consent before transmission, building a JSON payload, and running the non-interactive script. This stays within scope. Minor doc inaccuracy: some text implies --input defaults to the API URL, but in the script --input is the required payload file and --base-url controls the API host. This is a documentation mismatch but not malicious.

✓ Install Mechanism

No install spec and no remote downloads; this is an instruction-only skill with included Node scripts. The code is present locally and does not attempt to fetch or install external packages at runtime.

✓ Credentials

The skill requires no environment variables or credentials. It sends user-provided financial data to an external API as documented; that is proportional to the stated purpose. Note: the API is unauthenticated by design (per contract), so trust in the remote service is required before sending sensitive data.

✓ Persistence & Privilege

The skill does not request always:true, does not modify other skills, and does not persist elevated privileges. It runs as an on-demand, user-invoked helper.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install debt-payoff-plan-comparison
安装完成后，直接呼叫该 Skill 的名称或使用 /debt-payoff-plan-comparison 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.1.0

**Version 1.1.0 – Adds privacy, security, and inference improvements** - Requires explicit user consent before sending financial data to API. - Clarifies required/optional debt fields; adds enum validation for debt types. - Supports script-side inference of missing rates/payments with new flags (`--infer-missing-rate`, `--infer-missing-payment`). - Enforces strict marketing URL validation—only shows HTTPS URLs from allowed hosts. - Documents new script flags and privacy/consent workflow.

v1.0.0

- Initial release of the debt-payoff-plan-comparison skill. - Collects user debt and mortgage info, builds a validated JSON payload, and calls a backend API to compare payoff strategies (snowball, avalanche, refinance). - Guides users through structured questions to gather all required data. - Automatically infers minimum payment if not provided, ensuring API validation. - Summarizes returned payoff plans with concise recommendations and includes relevant marketing hints. - Handles API errors deterministically and provides specific remediation or follow-up guidance. - Helps to show how much cash can be freed up each month with the right plans

元数据

Slug debt-payoff-plan-comparison

版本 1.1.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 2

常见问题