← 返回 Skills 市场
sure-finance-skill
作者
Lucas Moyano
· GitHub ↗
· v0.0.7
· MIT-0
160
总下载
0
收藏
0
当前安装
7
版本数
在 OpenClaw 中安装
/install sure-finance-skill
功能描述
Sure Finance API skill. Use when the user wants personal finance insights, account and transaction operations, tags/categories management, imports, or chat w...
安全使用建议
This skill appears to be what it claims: a thin wrapper of curl-based calls to a Sure API using SURE_API_KEY and SURE_BASE_URL. Before installing or using it: (1) Only provide SURE_API_KEY and SURE_BASE_URL for normal use; do not share optional secrets (MCP_API_TOKEN, EXTERNAL_ASSISTANT_TOKEN, SECRET_KEY_BASE, POSTGRES_PASSWORD) unless you explicitly opt into self-hosting or external-assistant validation. (2) Verify the agent actually asks for opt-in before running those optional flows. (3) If you self-host, carefully review any compose files you download from raw.githubusercontent.com before running docker compose up and use strong, rotated credentials for database and secret keys. (4) Note the small metadata mismatch about requiring curl — ensure curl is available in your environment. If you want stronger assurance, ask the skill author to (a) make required binaries consistent in registry metadata and SKILL.md, and (b) list optional env vars explicitly as "optional" in metadata so automated checks can surface them.
功能分析
Type: OpenClaw Skill
Name: sure-finance-skill
Version: 0.0.7
The skill provides a standard API interface for the Sure finance platform, utilizing curl to manage accounts, transactions, and categories. It includes optional playbooks for self-hosting and external assistant integration that involve downloading configuration files from a specific GitHub repository (we-promise/sure), but these are clearly scoped, documented as optional, and include explicit security warnings for the user to review files. The instructions in SKILL.md and docs/openclaw-compatibility.md emphasize security best practices, such as redacting API keys, avoiding unauthorized file access, and requiring confirmation for destructive operations.
能力评估
Purpose & Capability
The skill's name/description (personal finance actions: accounts, transactions, tags, imports, chats) match the runtime instructions: curl calls to $SURE_BASE_URL authenticated with X-Api-Key. Required env vars SURE_API_KEY and SURE_BASE_URL are appropriate for the stated purpose. Minor inconsistency: the registry metadata summary at the top lists no required binaries, while SKILL.md metadata and compatibility docs state curl is required for core operations.
Instruction Scope
SKILL.md limits operations to curl requests against the provided base URL and explicitly forbids reading unrelated local files or printing API keys. Optional flows (self-hosting, external-assistant validation) are documented and correctly marked as opt-in. These optional flows expand scope (downloading compose files, asking for extra environment variables) and should only run when the user explicitly requests them — the skill explicitly says this, which is good, but users should verify the agent honors that.
Install Mechanism
No install specification or code is present (instruction-only skill), so nothing is written or executed by default. Self-hosting docs instruct downloading compose files from raw.githubusercontent.com (GitHub raw content) — a well-known host — and explicitly advise reviewing files before running; this is expected for an optional self-hosting workflow.
Credentials
Core required env vars are limited to SURE_API_KEY and SURE_BASE_URL, which is proportionate. There are several documented optional, sensitive variables (MCP_API_TOKEN, EXTERNAL_ASSISTANT_TOKEN, SECRET_KEY_BASE, POSTGRES_PASSWORD) used only for self-hosting or external-assistant validation. These optional secrets are not listed in the skill's required-env metadata (the SKILL.md says this is intentional). That design is acceptable but increases the risk of accidental disclosure if the agent or user mistakenly runs opt-in flows; confirm the agent will not prompt for these unless you explicitly opt in.
Persistence & Privilege
The skill does not request permanent presence (always is false), does not declare writing/modifying other skills' configs, and requires no system config paths. Autonomous invocation is allowed (platform default) but not combined with other red flags here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install sure-finance-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/sure-finance-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.0.7
No changes detected in this release.
- Version 0.0.7 introduces no file or documentation updates.
- All features, APIs, and usage instructions remain the same as in the previous version.
v0.0.6
- Added primaryCredential field ("SURE_API_KEY") in metadata for both openclaw and clawdbot.
- Clarified compatibility contract: only core runtime actions use curl/API key; optional self-host/external-assistant flows are separated and only referenced if user requests.
- No functional or interface changes to API instructions or workflows.
v0.0.5
- Clarified guidance on handling optional sensitive environment variables for self-hosting and external assistant features.
- Added instruction: Do not request or provide optional secrets for normal API usage; only use them when explicitly requested by the user.
- No changes to API instructions, compatibility, or sample commands.
v0.0.4
- Contract and description wording simplified for clarity.
- "OpenClaw and ClawHub Compatibility Contract" shortened to "Compatibility Contract".
- Minor text cleanups; no command or API reference changes.
- No file or functionality changes detected.
v0.0.3
- Update skill metadata to clarify the package name and improve compatibility structure for OpenClaw and ClawHub.
- Explicitly document that the skill is instruction-only and restrict runtime actions to `curl` requests against the configured base URL.
- List optional environment variables for external assistant and self-hosting scenarios, clarifying they are not required for core usage.
- Add guidance against instructing agents to read unrelated local files, keychains, or secret stores.
- No changes to code or command examples; all core functionality remains the same.
v0.0.2
Version 0.0.2
- Major documentation update with OpenClaw/ClawHub compatibility guidelines and detailed markdown API reference.
- Added setup and troubleshooting instructions for self-hosting and API credential validation.
- Introduced new docs: api-playbooks, OpenClaw compatibility, and quickstart for self-hosting.
- Improved command examples to be copy-paste ready and automation-friendly.
- Clarified usage scope, agent workflow, and strict environment requirements for shell/API interactions.
v0.0.1
Initial release of Sure Finance Skill.
- Provides detailed API documentation to interact with the Sure personal financial board.
- Supports management and retrieval of accounts, categories, chats, imports, tags, and transactions via REST API.
- Includes setup instructions and example curl commands for each endpoint.
- Environment variable guidance for secure API access and base URL configuration.
元数据
常见问题
sure-finance-skill 是什么?
Sure Finance API skill. Use when the user wants personal finance insights, account and transaction operations, tags/categories management, imports, or chat w... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 160 次。
如何安装 sure-finance-skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install sure-finance-skill」即可一键安装,无需额外配置。
sure-finance-skill 是免费的吗?
是的,sure-finance-skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
sure-finance-skill 支持哪些平台?
sure-finance-skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 sure-finance-skill?
由 Lucas Moyano(@secondport)开发并维护,当前版本 v0.0.7。
推荐 Skills