Security scan
OpenClaw
Safe
high confidence
The skill is an instruction-only Xero integration that uses a Maton API gateway and only asks for a single API key (MATON_API_KEY); its requirements and instructions are consistent with its stated purpose.
Assessment recommendations
This skill proxies Xero API calls through Maton and requires you to provide a MATON_API_KEY. Before installing, confirm you trust Maton (gateway.maton.ai / ctrl.maton.ai) because proxied requests and any data sent will be visible to that service. Use a least-privilege API key, restrict or rotate the key if possible, and revoke it if you stop using the skill. Note that the skill can be invoked by agents automatically (platform default) — only enable it for agents you trust. If you need stronger a...
✓ Purpose and capabilities
The name/description say this is a Xero integration and the SKILL.md exclusively documents calls to Maton gateway endpoints (gateway.maton.ai and ctrl.maton.ai) using a MATON_API_KEY. Requesting a Maton API key is proportional to proxying Xero API calls.
✓ Instruction scope
All runtime instructions are network requests to the Maton gateway/control endpoints and examples for using the gateway to reach Xero. The instructions do not ask the agent to read local files, environment variables other than MATON_API_KEY, or system config, nor do they direct data to unexpected endpoints beyond the documented Maton URLs.
✓ Install mechanism
There is no install spec and no code is written to disk (instruction-only SKILL.md). This minimizes install-time risk.
ℹ Credential requirements
The skill requires a single env var (MATON_API_KEY), which matches the documented gateway authentication model. Minor note: the registry metadata does not mark a primary credential but the MATON_API_KEY is effectively the primary secret — ensure you treat it like a sensitive API key since it grants access to proxied Xero data.
✓ Persistence and privileges
always:false and no install-time persistence is requested. The skill can be invoked autonomously (platform default), which is expected for a usable integration; there is no evidence it modifies other skills or system-wide settings.
Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Version
latest v1.0.4 2026/2/2
- Added a new clawdbot metadata section to the skill manifest, specifying an emoji and required environment variable (MATON_API_KEY).
- No changes to functionality or documentation content.
● Benign
Install command
Official: npx clawhub@latest install xero
Mirror (accelerated): npx clawhub@latest install xero --registry https://cn.longxiaskill.com