GridTRX
v0.1.21Double-entry, full-cycle accounting suite built for AI agents. Converts bank CSVs, OFX, and QBO files into balanced, auditable books — balance sheet, income...
⭐ 2· 533·0 current·0 all-time
byCware@737999
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (accounting engine) matches the included code (models.py, cli.py, mcp_server.py) and the single required binary (python3). GRIDTRX_WORKSPACE is a workspace path used to restrict which SQLite books.db files the tool may open — this is coherent with the stated purpose.
Instruction Scope
SKILL.md and ai.txt instruct the agent to run the CLI or start the MCP server and to operate only on SQLite books inside GRIDTRX_WORKSPACE. The instructions emphasize 'all data is local' and the code enforces an explicit workspace boundary. Note: the docs suggest copying/backing up or emailing the books.db file — that is a user action that can expose sensitive financial data if done carelessly, but it is not performed automatically by the skill.
Install Mechanism
No install spec is embedded; the repository includes source files and a requirements.txt with optional dependencies (mcp, flask). SKILL.md instructs users to pip install the optional packages before use. There is no download-from-URL or extract step in the skill bundle that would write arbitrary third-party code at runtime.
Credentials
Only GRIDTRX_WORKSPACE is required (declared as primaryEnv). This is a path, not a secret credential, and is directly used to enforce a workspace boundary. No unrelated secrets or external API keys are requested.
Persistence & Privilege
always is false. The skill allows autonomous invocation (disable-model-invocation is false), which is standard for skills and expected for agent-driven bookkeeping. The skill does not request system-wide configuration changes or other skills' credentials.
Assessment
This skill is coherent with its description, but before installing or running it: (1) set GRIDTRX_WORKSPACE to a dedicated directory (not your home or root) so the tool cannot access unrelated files; (2) review the included Python files yourself (or have a developer do so) if you will run the MCP server — it will expose programmatic tools to any agent that can call it; (3) only install optional dependencies (mcp, flask) from trusted registries and limit network exposure (run MCP only for local agent processes, not on a public interface); (4) treat books.db as sensitive financial data — the docs mention copying/ emailing it, but that is a human action you should control; (5) note that the repo is provided with source code included, and the skill does not auto-install unknown binaries, so you remain in control of dependency installation and runtime invocation.Like a lobster shell, security has layers — review code before you run it.
accountingvk975ymgzd1cbvh452ks56j7ttx822r8mai-agentsvk975ymgzd1cbvh452ks56j7ttx822r8mbookkeepingvk975ymgzd1cbvh452ks56j7ttx822r8mclivk975ymgzd1cbvh452ks56j7ttx822r8mdouble-entryvk975ymgzd1cbvh452ks56j7ttx822r8mlatestvk97cp3399462237n68q8vz2bcx82bbrvmcpvk975ymgzd1cbvh452ks56j7ttx822r8msqlitevk975ymgzd1cbvh452ks56j7ttx822r8m
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binspython3
EnvGRIDTRX_WORKSPACE
Primary envGRIDTRX_WORKSPACE