ClawHub

Organizze Skill

v1.3.4

Runs Organizze personal finance API operations via Node.js CLI scripts: accounts, categories, transactions (filters, tag grouping), credit cards (invoices, p...

0· 51·0 current·0 all-time
byFelipe Leão@leaofelipe
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual files and behavior: Node.js CLI scripts that call the Organizze REST API. Required binaries (node, npm) and env vars (ORGANIZZE_TOKEN, ORGANIZZE_EMAIL, ORGANIZZE_USER_AGENT) are expected and used by the code; package.json and client.js implement Basic auth against api.organizze.com.br.
Instruction Scope
SKILL.md stays largely within scope (checks for required env vars, guides running node scripts, warns not to log credentials). It suggests two setup options; the second option instructs editing ~/.openclaw/openclaw.json directly to store the API key — this writes the token into gateway config and is more sensitive than local .env usage. Otherwise, instructions do not reference unrelated system files or external endpoints.
Install Mechanism
No installer download or remote binary; project uses a minimal dependency (dotenv) from the npm registry per package.json/package-lock.json. There are local source files that run with node; nothing writes arbitrary third‑party code to disk beyond normal npm install.
Credentials
The skill requests exactly three env vars (email, token, user-agent) that are necessary for Basic auth to the Organizze API. This is proportionate. Caveat: advising users to store the API key in the OpenClaw gateway config (openclaw.json or UI) means the token will be persisted in a central place—users should consider who/what has access to the gateway configs.
Persistence & Privilege
Skill does not request always:true or other elevated platform privileges. It is user-invocable and can run autonomously per platform default; nothing in the code modifies other skills or system-wide settings.
Assessment
This skill appears to be a straightforward CLI client for the Organizze API and is internally consistent. Before installing: (1) verify you trust the skill owner (source/homepage unknown); (2) prefer storing credentials in a local .env rather than editing gateway config if you want to minimise central persistence; (3) if you add the token to the OpenClaw UI/gateway, understand it will be stored there and accessible to any platform components with access to gateway configs; (4) review the included source (client/credentials files) yourself—no obfuscated or network-exfiltration code was found; (5) limit and rotate the Organizze token if possible and grant only necessary privileges on the Organizze side.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dv6wmdq840xangjsbw3374n844p9j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode, npm
EnvORGANIZZE_TOKEN, ORGANIZZE_EMAIL, ORGANIZZE_USER_AGENT
Primary envORGANIZZE_TOKEN

Comments