by 安全扫描
OpenClaw
安全
high confidence该技能为仅指令型的 Xero 集成,使用 Maton API 网关,仅需提供一个 API Key(MATON_API_KEY),其需求和指令与声明的功能相符。
评估建议
该技能安全风险较低。OAuth 托管认证:凭证不由第三方服务器存储。会计数据访问:可访问联系人、发票、付款、账户等财务数据。财务报表生成:支持运行财务报表功能。重要财务操作前建议备份数据。...详细分析 ▾
✓ 用途与能力
The name/description say this is a Xero integration and the SKILL.md exclusively documents calls to Maton gateway endpoints (gateway.maton.ai and ctrl.maton.ai) using a MATON_API_KEY. Requesting a Maton API key is proportional to proxying Xero API calls.
✓ 指令范围
All runtime instructions are network requests to the Maton gateway/control endpoints and examples for using the gateway to reach Xero. The instructions do not ask the agent to read local files, environment variables other than MATON_API_KEY, or system config, nor do they direct data to unexpected endpoints beyond the documented Maton URLs.
✓ 安装机制
There is no install spec and no code is written to disk (instruction-only SKILL.md). This minimizes install-time risk.
ℹ 凭证需求
The skill requires a single env var (MATON_API_KEY), which matches the documented gateway authentication model. Minor note: the registry metadata does not mark a primary credential but the MATON_API_KEY is effectively the primary secret — ensure you treat it like a sensitive API key since it grants access to proxied Xero data.
✓ 持久化与权限
always:false and no install-time persistence is requested. The skill can be invoked autonomously (platform default), which is expected for a usable integration; there is no evidence it modifies other skills or system-wide settings.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.42026/2/2
新增了 clawdbot 元数据段到技能清单,指定了表情符号以及必需的环境变量(MATON_API_KEY)。功能或文档内容未做更改。
● 无害
安装命令
点击复制官方npx clawhub@latest install xero
镜像加速npx clawhub@latest install xero --registry https://cn.longxiaskill.com 镜像可用
国内专用无需额外安装
本土化适配说明
无需额外安装
技能文档
(无 SKILL.md 内容)