← 返回 Skills 市场
598
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install nicholasrae-expense-tracker
功能描述
Just say what you spent — your AI logs it, categorizes it, and tracks it against your budget. No apps, no forms, no friction. Supports natural language like...
安全使用建议
This skill appears to do what it says: it logs and reports expenses locally using the included bash scripts. Before installing: 1) Ensure jq (and bc if you want exact bc-based numeric outputs) is installed on the host — the skill metadata does not declare these dependencies even though the scripts require them. 2) Review the included scripts (add-expense.sh, query.sh, budget-check.sh) yourself — they run locally and write to expenses/ledger.json as plain JSON (no encryption). If your ledger contains sensitive notes, consider file permissions or storing the folder on encrypted storage. 3) Note minor inconsistencies: SKILL.md header version (1.0.2) vs registry version (1.0.3) and unknown source/homepage — if provenance matters, ask the publisher for a canonical source or signed release. 4) Because the agent can invoke skills autonomously (platform default), decide whether you want to allow autonomous operations that may append to ledger.json; if not, restrict invocation. Overall this is coherent for a local expense tracker but check dependencies and storage/permissions before use.
功能分析
Type: OpenClaw Skill
Name: nicholasrae-expense-tracker
Version: 1.0.3
The OpenClaw AgentSkills skill bundle for expense tracking is classified as benign. All shell scripts (`add-expense.sh`, `budget-check.sh`, `query.sh`) correctly utilize `jq --arg` and `jq --argjson` to pass user-controlled input as data, effectively preventing `jq` injection vulnerabilities. Input validation for dates and amounts is also implemented. The `SKILL.md` instructions explicitly guide the AI agent to use these secure `jq` methods. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent. All file operations are local and confined to the skill's directory.
能力评估
Purpose & Capability
The name/description claim a local expense tracker and the code matches that: all scripts read/write a local ledger and local reference files. However, the skill metadata lists no required binaries while README and the scripts require jq (and README also lists bc). That mismatch is unexpected but consistent with the skill's function (jq is needed to manipulate JSON). Also the SKILL.md header version (1.0.2) differs from the registry version (1.0.3) and the source/homepage are unspecified.
Instruction Scope
SKILL.md instructs the agent to parse natural-language inputs and run the included bash scripts. The scripts only read/write files under the skill directory (references/, expenses/) and do not perform network calls or access unrelated system paths. The scripts include input validation and take care to pass user data to jq via --arg/--argjson to avoid jq-injection.
Install Mechanism
There is no remote install/download step (instruction-only install), and all code is included in the skill bundle. This lowers supply-chain risk. No external URLs or archives are fetched by an install spec. You will need to place the folder into your skills directory manually per README.
Credentials
The skill requests no environment variables or credentials. That matches the local-only design. The only required runtime tools (jq, and optionally bc) are local utilities, not credentials. This is proportionate to the stated purpose.
Persistence & Privilege
always:false (default) and the skill does not modify other skills or global agent configuration. It stores data locally in expenses/ledger.json; this is expected persistence for a local tracker and does not grant elevated platform privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nicholasrae-expense-tracker - 安装完成后,直接呼叫该 Skill 的名称或使用
/nicholasrae-expense-tracker触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
Security: fixed jq injection in query.sh — all user input passed via --arg. Safe JSON modification patterns in SKILL.md.
v1.0.2
Improved listing description and tags for discoverability
v1.0.1
Added .clawhubignore, security review passed
v1.0.0
Chat-based expense logging, budget tracking, and spending reports for OpenClaw
元数据
常见问题
Expense Tracker 是什么?
Just say what you spent — your AI logs it, categorizes it, and tracks it against your budget. No apps, no forms, no friction. Supports natural language like... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 598 次。
如何安装 Expense Tracker?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nicholasrae-expense-tracker」即可一键安装,无需额外配置。
Expense Tracker 是免费的吗?
是的,Expense Tracker 完全免费(开源免费),可自由下载、安装和使用。
Expense Tracker 支持哪些平台?
Expense Tracker 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Expense Tracker?
由 Nick(@nicholasrae)开发并维护,当前版本 v1.0.3。
推荐 Skills