← 返回 Skills 市场
nick4man

Receipt Tracker

作者 Sergei Shibanov · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ⚠ suspicious
293
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install receipt-tracker
功能描述
Распознает фотографии чеков, разбивает расходы по категориям (продукты, заправка, аптека, такси, животные и др.) и сохраняет их в базу (expenses.csv). Генери...
安全使用建议
Do not install or enable this skill until you validate its origin and the purpose of nc_worker.py. Specific actions to consider: - Ask the author why a Nextcloud scanner and hard-coded credentials are included; require removal of any embedded secrets and moving credentials to environment variables if remote access is truly needed. - If you only want chat-uploaded receipts saved to local CSV, remove nc_worker.py before use or inspect/replace it with audited code that only performs the documented steps. - Treat the embedded Nextcloud credentials as sensitive: rotate/change them if they are real and were used elsewhere. - If you accept remote-Nextcloud functionality, insist on secure configuration (no hardcoded passwords, explicit requires.env entries, host allowlist) and an explanation of what files/folders the skill will access. - Because the skill can run exec/python per SKILL.md, audit any runtime behavior and avoid granting it access to sensitive system areas. If you are unsure, do not enable autonomous invocation until you have reviewed/modified the code.
功能分析
Type: OpenClaw Skill Name: receipt-tracker Version: 1.1.0 The skill bundle contains hardcoded plaintext credentials (username and password) for a Nextcloud instance within the `nc_worker.py` file. While the core logic in `SKILL.md` for receipt tracking and OCR via Gemini appears benign and functional, the inclusion of static credentials and an internal network URL (http://fedora:8082) represents a significant security risk and poor practice, though no clear evidence of intentional data exfiltration or malicious behavior was identified.
能力评估
Purpose & Capability
The README/ SKILL.md describes handling user-uploaded receipt images via an OpenClaw subagent and saving results to a local CSV. However, the repository also contains nc_worker.py which implements (or intends to) a Nextcloud scanner: it points to an internal URL, a Nextcloud folder, and embeds a username/password. The SKILL.md does not mention any Nextcloud integration or the need for remote file access, so the code's presence and embedded credentials are not coherent with the stated purpose.
Instruction Scope
The SKILL.md instructs the agent to spawn a subagent (sessions_spawn) using model 'gemini-2.5-flash', accept uploaded file paths, run OCR/analysis, and read/write the CSV at /opt/.openclaw/.../expenses.csv. Those instructions are generally in-scope for a receipt tracker, but they explicitly permit running exec/bash/python and reading/writing the agent workspace. That is expected for a local tracker but grants the skill the ability to run arbitrary local commands — a user should confirm this is acceptable.
Install Mechanism
There is no install spec (instruction-only skill plus a small helper script). This is the lowest install-risk category because nothing is automatically downloaded or installed during skill activation.
Credentials
The skill declares no required environment variables, yet nc_worker.py contains hard-coded Nextcloud credentials (USER and PASS) and a network host (http://fedora:8082/remote.php/dav). Requesting or embedding network credentials that are unrelated to the SKILL.md workflow is disproportionate. If the Nextcloud integration is intended, credentials should be declared explicitly and provided securely (not embedded in code); if not, the file is extraneous and risky.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configs. It writes to a CSV in the agent workspace, which aligns with its stated behavior. Autonomous invocation is allowed (default) but not by itself a reason to block.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install receipt-tracker
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /receipt-tracker 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Added Nextcloud WebDAV worker support (nc_worker.py)
元数据
Slug receipt-tracker
版本 1.1.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Receipt Tracker 是什么?

Распознает фотографии чеков, разбивает расходы по категориям (продукты, заправка, аптека, такси, животные и др.) и сохраняет их в базу (expenses.csv). Генери... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 293 次。

如何安装 Receipt Tracker?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install receipt-tracker」即可一键安装,无需额外配置。

Receipt Tracker 是免费的吗?

是的,Receipt Tracker 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Receipt Tracker 支持哪些平台?

Receipt Tracker 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Receipt Tracker?

由 Sergei Shibanov(@nick4man)开发并维护,当前版本 v1.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论