ClawHub

Clovercli

v1.0.0

Command-line interface for managing Clover POS data including inventory, orders, payments, customers, employees, discounts, taxes, tenders, and reports with...

1· 1.5k·3 current·3 all-time
by@g9pedro
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md clearly documents a Clover POS CLI that requires CLOVER_ACCESS_TOKEN and CLOVER_MERCHANT_ID, and instructs installing @versatly/clovercli. However the skill registry metadata lists no description, no required env vars, and no primary credential. The functionality is coherent for a Clover CLI, but the metadata omission is inconsistent and prevents automated vetting of the required credentials.
Instruction Scope
The instructions stay within the expected scope for a CLI: installing the tool, setting environment variables for API access, and running commands against Clover endpoints. The SKILL.md does not instruct the agent to read arbitrary local files or send data to unexpected external endpoints beyond the documented npm/GitHub package and Clover API.
Install Mechanism
There is no install spec in the registry (instruction-only skill), but the SKILL.md tells the user/agent to run npm i -g @versatly/clovercli or clone a GitHub repo. Installing a third‑party npm package is a normal way to get this CLI, but it introduces moderate risk: the package and repo should be verified (author, code, recent releases, vulnerabilities). The skill itself does not provide integrity information (checksum, pinned version) or an install script.
!
Credentials
The runtime instructions require CLOVER_ACCESS_TOKEN and CLOVER_MERCHANT_ID (and optionally CLOVER_REGION), which are sensitive credentials, but the skill metadata does not declare any required env vars or a primary credential. This mismatch means the registry record understates the credential needs and could lead to accidental credential exposure if users follow instructions without realizing the sensitivity.
Persistence & Privilege
The skill does not request persistent presence (always=false) and has no install artifact in the registry. It does not ask to modify other skills or system settings. Autonomous invocation is allowed (platform default) but not, by itself, a red flag here.
What to consider before installing
What to consider before installing/use: - The SKILL.md requires sensitive env vars (CLOVER_ACCESS_TOKEN, CLOVER_MERCHANT_ID) but the skill metadata doesn't declare them — treat this as an inconsistency and assume you will need to provide secrets. - Verify the npm package and GitHub repo before installing: check the package owner (@versatly), review the repository code, recent commit/activity, npm download counts, and open issues. Prefer installing in an isolated environment (container/VM) if you want to test it. - Create and use least-privilege Clover credentials (scoped token) and avoid putting long-lived secrets into your global shell rc without understanding the risk. - The SKILL.md includes a specific "Known Client" row (a merchant id). That may indicate sample/test data or real customer data; be cautious about privacy/leakage. - Because the skill is instruction-only, the platform won't pre-install anything for you — if you allow an agent to run the documented install commands, those commands will execute on your system. Only proceed if you trust the package and repository. If you want me to: I can (1) fetch the npm package page and GitHub repo metadata to summarize ownership/activity, or (2) list concrete checks to perform on the repo and package before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk972yb7pb6f8f4drapycyn8r6s80hpyf
1.5kdownloads
1stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@g9pedro
latest
Download

CloverCLI Skill

CLI for Clover POS API — inventory, orders, payments, customers, employees, discounts, and analytics.

Version: 1.2.0 (90-day chunking, retry logic, period shortcuts, discounts, taxes, tenders)

Setup

# Install from npm
npm i -g @versatly/clovercli

# Or clone and build
cd ~/Projects
git clone https://github.com/Versatly/clovercli.git
cd clovercli && npm install && npm run build

# Set credentials (add to ~/.bashrc)
export CLOVER_ACCESS_TOKEN="your-token"
export CLOVER_MERCHANT_ID="your-merchant-id"

# Optional alias
alias clover='clovercli'

Quick Reference

# Check connection
clovercli auth status
clovercli merchant get

# Business dashboard
clovercli reports summary

Reports with Period Shortcuts ✨

# Using --period (new in v1.2.0!)
clovercli reports sales --period today
clovercli reports sales --period yesterday
clovercli reports sales --period this-week
clovercli reports sales --period last-week
clovercli reports sales --period this-month
clovercli reports sales --period last-month
clovercli reports sales --period mtd          # Month to date
clovercli reports sales --period ytd          # Year to date

# Or use explicit dates
clovercli reports sales --from 2026-01-01 --to 2026-01-31
clovercli reports daily --period this-month
clovercli reports hourly --date 2026-02-03
clovercli reports top-items --limit 20
clovercli reports payments
clovercli reports refunds
clovercli reports taxes
clovercli reports categories
clovercli reports employees
clovercli reports compare --period1-from ... --period2-from ...

# Export data
clovercli reports export orders --output orders.csv --format csv
clovercli reports export items --output items.json

Merchant Settings

# Merchant info
clovercli merchant get

# Tax rates
clovercli merchant taxes list

# Payment tenders
clovercli merchant tenders list

Discounts (v1.2.0+)

clovercli discounts list
clovercli discounts get <id>
clovercli discounts create --name "10% Off" --percentage 10
clovercli discounts create --name "$5 Off" --amount 500
clovercli discounts delete <id>

Inventory

clovercli inventory items list
clovercli inventory items get <id>
clovercli inventory categories list
clovercli inventory stock list

Orders & Payments

clovercli orders list --limit 50
clovercli orders get <id>

clovercli payments list --limit 50
clovercli payments get <id>

Customers & Employees

clovercli customers list
clovercli customers get <id>

clovercli employees list
clovercli employees get <id>

Raw API Access

clovercli api get '/v3/merchants/{mId}/tax_rates'
clovercli api get '/v3/merchants/{mId}/modifiers'

Output Formats

All list commands support:

  • --output table (default) — formatted table
  • --output json — raw JSON
  • --quiet — IDs only

Reliability Features (v1.2.0+)

  • 90-day auto-chunking: Long date ranges automatically split into chunks
  • Exponential backoff: Auto-retry on rate limits with backoff
  • Retry-after support: Respects Clover's retry-after header

Regions

RegionUse
usUS merchants (default)
euEurope
laLatin America
sandboxDevelopment/testing

Set via: export CLOVER_REGION=eu

Known Clients

ClientMerchant IDNotes
REMEMBR6KF70H0B6E041Mauricio's Brazilian restaurant (Pedro's dad)

Source

Comments

Loading comments...