Holded Skill
Pass
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent Holded ERP integration with powerful business-data access, but the artifacts disclose that access and require confirmation before writes.
Install only if you trust the holded CLI dependency and want an agent to help operate your Holded ERP account. Use a restricted API key where possible, inspect every proposed write command carefully, and only confirm changes you fully understand.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If confirmed, commands could change or delete important business, accounting, invoice, contact, product, CRM, project, or team data in Holded.
The skill can perform high-impact ERP mutations, including deletes, but the artifacts also require explicit user confirmation before writes.
Use when the user asks to read, search, create, update, or delete Holded entities ... Ask for explicit user confirmation every time before any write action.
Review the exact command and payload before confirming any write, use the least-privileged Holded API key available, and be especially careful with delete or accounting actions.
A mistaken purchase-receipt payload could create incorrect accounting records if the user confirms it.
The skill intentionally bypasses client-side validation for purchase receipts. This is disclosed and scoped, but it reduces a safety check.
Since holdedcli validates against Holded's schema (which doesn't include `isReceipt`), you must use `--skip-validation` flag.
Only use --skip-validation for the documented receipt case, and manually verify document type, tax treatment, totals, and contact IDs before confirming.
Anyone or any agent process with access to the configured key may be able to read or modify Holded data within that key's scope.
The skill uses a Holded API key and may rely on a local Holded CLI config file, which grants account access according to the key's permissions.
Credentials (priority) 1. `--api-key` 2. `HOLDED_API_KEY` 3. `~/.config/holdedcli/config.yaml`
Use a dedicated, least-privileged API key if possible, avoid exposing it in shared logs or prompts, and rotate or revoke it if no longer needed.
The behavior ultimately depends on the installed holded CLI and its Homebrew tap, not only on this instruction file.
The skill depends on an external Homebrew formula for the holded CLI; that executable is not included in the skill artifacts reviewed here.
brew | formula: jaumecornado/tap/holded | creates binaries: holded
Install the CLI only from a trusted source, review the linked project or tap if needed, and keep it updated through normal package-management practices.
