
Spend Ledger

Author: mattpolly · GitHub · v0.4.0 · MIT-0
Platforms: macos, linux · ⚠ suspicious
Total downloads: 105
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install spend-ledger
Description
Tamper-evident payment ledger for autonomous agents — auto-detects payments across all tools, prevents duplicate payments, and presents full spending history.
Safe-use recommendations
This package appears to do what it says: it inspects tool calls/results, logs transactions to a local tamper-evident JSONL ledger, and offers a localhost dashboard. Before installing or enabling it, consider:
  1. Network sync: by default it GETs patterns from https://api.spend-ledger.com daily and can POST opt-in pattern submissions that include a hashed install identifier; disable this by creating data/config.json with "sync_community_patterns": false if you want fully offline operation.
  2. Local files: it creates data/transactions.jsonl and data/install-id.json (both written with 0600 mode). If you are concerned about fingerprinting, note that the install-id UUID is stored locally and a SHA-256 of it is sent on opt-in submissions.
  3. Hook privileges: the plugin inspects all tool calls and can block duplicate payments in-session. This is necessary for its function, but it means the plugin has the ability to deny tool calls; review the code if you want stricter behavior.
  4. Review the PATTERNS_URL env var if you want to point pattern sync to an internal mirror; otherwise it will use the public api.spend-ledger.com.
If you need more assurance, you can audit server/server.js and transactions.js (not fully shown here) for any additional network calls or unexpected data leaks, run it in a restricted environment, or disable community sync and keep the dashboard offline (it binds to 127.0.0.1).
Functional analysis
Type: OpenClaw Skill
Name: spend-ledger
Version: 0.4.0
The skill contains a code injection vulnerability in 'scripts/query-log.sh' and 'scripts/log-transaction.sh' due to unsafe string interpolation of shell variables into 'node -e' JavaScript commands. A maliciously crafted argument (e.g., a date or service name containing single quotes) could break out of the JS string literal and execute arbitrary code. While the skill implements several high-quality security features (localhost-only binding, the absence of CORS headers to prevent cross-origin data theft, and automated query parameter stripping to protect API keys), the injection flaw remains a risk. The skill also performs daily outbound network requests to 'api.spend-ledger.com' to synchronize payment detection patterns.
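The injection described above is closed by never splicing shell data into the JavaScript source. The following is an added example, not code from the spend-ledger project: a query helper in the same shell-to-`node -e` shape that hands its arguments over through environment variables, so a quote in a service name is compared as data rather than parsed as code. The ledger field names (`service`, `amount`), the sample lines and the function names are assumptions made for this demonstration.

```shell
# Added example (not the spend-ledger scripts themselves): a query helper that passes
# shell arguments to an inline node program through the environment instead of
# interpolating them into the JavaScript source. A pattern like
#   node -e "... if (rec.service === '$SERVICE') ..."
# lets a quote inside $SERVICE terminate the string literal; with process.env the
# value is only ever data. Assumed ledger format: one JSON object per line with
# "service" and "amount" fields (field names are an assumption for this demo).

# Writes a constructed sample ledger (not real transaction data) to a temp file
# and prints its path.
make_sample_ledger() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
{"ts":"2024-01-01T00:00:00Z","service":"bob's api","amount":5,"currency":"USD"}
{"ts":"2024-01-01T00:01:00Z","service":"example-llm","amount":2,"currency":"USD"}
{"ts":"2024-01-01T00:02:00Z","service":"bob's api","amount":1,"currency":"USD"}
this line is deliberately not JSON and must be skipped by the reader
EOF
  printf '%s\n' "$f"
}

# Usage: sum_service_spend <ledger.jsonl> <service-name>
# Prints the total "amount" over ledger lines whose "service" equals the argument.
sum_service_spend() {
  LEDGER_FILE="$1" SERVICE_NAME="$2" node -e '
    const fs = require("fs");
    // Both values arrive via the environment: quotes, $ or backticks in them
    // cannot alter this program, they only take part in the comparison below.
    const { LEDGER_FILE, SERVICE_NAME } = process.env;
    let total = 0;
    for (const line of fs.readFileSync(LEDGER_FILE, "utf8").split("\n")) {
      if (!line.trim()) continue;
      let rec;
      try { rec = JSON.parse(line); } catch { continue; }   // tolerate a corrupt line
      if (rec.service === SERVICE_NAME) total += Number(rec.amount) || 0;
    }
    console.log(total);
  '
}

ledger=$(make_sample_ledger)
echo "spend on bob's api: $(sum_service_spend "$ledger" "bob's api")"   # prints 6
rm -f "$ledger"
```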
Capability tags
crypto · requires-wallet · can-make-purchases · can-sign-transactions · requires-sensitive-credentials
Capability assessment
Purpose & Capability
The skill is a payment-detection ledger. It requires node and registers before_tool_call and tool_result_persist hooks so it can detect payments and prevent duplicates; that access to tool call params/results and a local ledger file is necessary for the stated purpose. The included scripts (log/query/dashboard) and server code match the description. No unrelated credentials or unusual binaries are required.
Instruction Scope
SKILL.md and README instruct the agent to read and query the local JSONL ledger (data/transactions.jsonl) and to use provided scripts; they also describe the intercept/blocking behavior. The instructions do not ask the agent to read unrelated system files or credentials. The skill does observe all tool call params/results (which is required) — that gives it broad visibility into tool outputs, but this is consistent with its purpose.
Install Mechanism
There is no external download/install step in the manifest. The package contains source files and a package.json with no npm dependencies. No install action pulls code from untrusted URLs or uses URL shorteners. The only network operation in code is fetching community patterns from api.spend-ledger.com (GET) and an opt-in pattern submit (POST).
Credentials
The skill does not require environment variables or credentials by default. It exposes optional environment variables (SPEND_LEDGER_API_URL, PATTERNS_URL, SPEND_LEDGER_CONFIG, etc.) which are reasonable for configurability. One privacy note: the skill creates a per-install UUID at data/install-id.json and uses a SHA-256 of it (submitter_hash) when submitting patterns — this can be used to identify installs in submissions (though the raw UUID is stored locally with 0600 permissions). Pattern sync is enabled by default but can be disabled in data/config.json.
Persistence & Privilege
The skill registers runtime hooks that inspect tool calls and can block duplicate payments within a session. This is high-privilege behavior but required by the stated duplicate-prevention feature. It is declared always:false (not force-included), and model invocation is normal. The skill writes only to its own data directory (transactions, cached patterns, install-id) with restrictive file modes (0600) per its docs.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install spend-ledger
  3. After installation, call the Skill by name directly or trigger it with /spend-ledger
  4. Provide the required inputs according to the Skill's parameter description to receive structured output
Version history
v0.4.0
Security fixes: remove wildcard CORS from dashboard server (prevented cross-origin transaction data reads); strip query params from service.url before storage (prevents accidental capture of API keys in URLs); add sync_community_patterns config option to disable automatic pattern download; fix 'full arguments never stored' documentation inaccuracy
v0.3.0
exec-wrapped payment detection, detectCryptoWallet, duplicate prevention improvements
Metadata
Slug spend-ledger
Version 0.4.0
License MIT-0
Cumulative installs 0
Current installs 0
Versions 2
FAQ

What is Spend Ledger?

Tamper-evident payment ledger for autonomous agents — auto-detects payments across all tools, prevents duplicate payments, and presents full spending history. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 105 downloads to date.

How do I install Spend Ledger?

Run the command "/install spend-ledger" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Spend Ledger free?

Yes, Spend Ledger is completely free and released under the MIT-0 license; you may download, install and use it freely.

Which platforms does Spend Ledger support?

Spend Ledger is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (macos, linux).

Who developed Spend Ledger?

Developed and maintained by mattpolly (@mattpolly); the current version is v0.4.0.
