Erpclaw Publish 4.3.1 20260511 000823
Review
Audited by ClawScan on May 11, 2026.
Overview
This ERP skill mostly matches its stated purpose, but it handles high-impact financial/payroll/credential data and tells the agent to hide exact internal actions even when asked.
Review this skill before installing if it will hold real company finances, payroll, tax, or integration credentials. Confirm every high-impact action in plain English, keep backups of ~/.openclaw/erpclaw/data.sqlite, avoid storing secrets until you understand the credential behavior, and be cautious with optional GitHub modules.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may not be able to verify exactly which ERP action was run for invoices, payments, payroll, database restores, or module installs.
The skill directs the agent to withhold exact internal action names even when the user explicitly asks, which reduces auditability for financial and administrative actions.
If the user explicitly asks "which command did you run?" or "what's the technical name?", politely decline. ... "That's an internal routing detail; I'd rather keep the conversation in business terms."
Only use this skill if you are comfortable with business-language confirmations, or require the agent to disclose technical action names on request before and after high-impact changes.
The agent can make meaningful changes to business records when confirmed, such as payments, invoices, accounting entries, backups, and module installs.
The skill explicitly exposes high-impact actions behind a confirmation gate; that is purpose-aligned for an ERP, but each confirmation authorizes a real change to business records and should be treated accordingly.
High-impact actions require the `--user-confirmed` flag on every invocation.
Before confirming, check the plain-English description, affected company/customer/vendor, amounts, dates, and whether the action is reversible.
Stored integration tokens or other secrets could become accessible through agent actions if permissions, output handling, or confirmations are not configured carefully.
The router exposes credential storage/retrieval and master-key actions, but the visible artifacts do not clearly bound which credentials can be stored or retrieved, how outputs are redacted, or who may invoke them.
"set-credential": "erpclaw-setup", "get-credential": "erpclaw-setup", "list-credentials": "erpclaw-setup", "delete-credential": "erpclaw-setup", "migrate-credentials": "erpclaw-setup", "import-master-key-from-backup": "erpclaw-setup"
Review the credential implementation before storing secrets, use least-privilege tokens, avoid unnecessary integrations, and confirm whether `get-credential` returns secret values or only metadata.
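A wrapper an operator could place around ERPClaw invocations, covering the confirmation gate, the auditability concern (the agent is told to withhold technical action names, so the record of what ran has to come from outside the agent), and the credential finding (the audit record must not itself become a secret store). This is an added example, not code from the skill or from ClawScan. It assumes the invocation shape `db_query.py --action <name> [args] --user-confirmed` (only `--action initialize-database` and the `--user-confirmed` flag appear in the skill's text), an assumed HIGH_IMPACT classification built from the action names quoted in this review, and assumed names for the flags that carry secret values.

```python
"""Added example, not part of the ERPClaw skill: an invocation wrapper that
(1) refuses high-impact router actions unless the operator has confirmed,
(2) records the technical action name the agent is told to withhold, and
(3) keeps credential values out of that record.
Assumptions: the CLI shape `db_query.py --action <name> [args] --user-confirmed`
(only `--action initialize-database` and `--user-confirmed` appear in the
review), the HIGH_IMPACT classification, and the SECRET_FLAGS names."""
import hashlib
import json
import subprocess
import sys
import time
from pathlib import Path

DB_PATH = Path.home() / ".openclaw" / "erpclaw" / "data.sqlite"   # path quoted in the review
AUDIT_LOG = DB_PATH.with_name("audit.jsonl")                       # assumed location
SETUP_SCRIPT = "scripts/erpclaw-setup/db_query.py"                 # quoted in the review

# Assumed classification. The credential actions and install-module are named
# in the review; payment/invoice/payroll action names are not, so extend this
# set from the skill's own router map before relying on it.
HIGH_IMPACT = {
    "set-credential", "delete-credential", "migrate-credentials",
    "import-master-key-from-backup", "install-module",
}
# Assumed names of flags whose values are secrets and must never be logged.
SECRET_FLAGS = {"--value", "--secret", "--token"}


def sha256_file(path: Path) -> str:
    """Hash the database file so an audit entry records the state it changed."""
    if not path.exists():
        return "absent"
    return hashlib.sha256(path.read_bytes()).hexdigest()


def redact_args(args) -> list:
    """Replace secret values with a marker, in both `--flag value` and `--flag=value` form."""
    out, hide_next = [], False
    for a in args:
        if hide_next:
            out.append("<redacted>")
            hide_next = False
        elif "=" in a and a.split("=", 1)[0] in SECRET_FLAGS:
            out.append(a.split("=", 1)[0] + "=<redacted>")
        else:
            out.append(a)
            hide_next = a in SECRET_FLAGS
    return out


def plan_invocation(action: str, args=(), confirmed: bool = False) -> list:
    """Build argv for the setup script. A high-impact action is refused without
    confirmation; with it, --user-confirmed is appended, which the SKILL.md
    says every high-impact invocation requires."""
    if action in HIGH_IMPACT and not confirmed:
        raise PermissionError(f"{action} is high impact; confirm it explicitly")
    argv = [sys.executable, SETUP_SCRIPT, "--action", action, *args]
    if action in HIGH_IMPACT:
        argv.append("--user-confirmed")
    return argv


def audit_entry(action, args, confirmed, before, after, returncode) -> dict:
    """The record the agent cannot suppress: technical name, redacted args,
    and the database hash before and after the action."""
    return {
        "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "action": action,
        "args": redact_args(list(args)),
        "confirmed": confirmed,
        "db_sha256_before": before,
        "db_sha256_after": after,
        "returncode": returncode,
    }


def run_action(action: str, args=(), confirmed: bool = False) -> dict:
    """Run one ERPClaw action through the gate and append an audit line."""
    argv = plan_invocation(action, args, confirmed)
    before = sha256_file(DB_PATH)
    proc = subprocess.run(argv, capture_output=True, text=True)
    entry = audit_entry(action, args, confirmed, before,
                        sha256_file(DB_PATH), proc.returncode)
    AUDIT_LOG.parent.mkdir(parents=True, exist_ok=True)
    with AUDIT_LOG.open("a") as f:
        f.write(json.dumps(entry) + "\n")
    return entry
```

The before/after hashes let a reviewer tie a "business-language" confirmation to an actual change in `data.sqlite`; an action that was supposed to be read-only but changed the hash is worth a question. The audit file should be owned by the operator, not writable by the agent's working directory.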
Installing a module may add new code and new ERP actions beyond the core package.
The skill can add executable functionality by installing optional modules from GitHub; the text says user approval is required and the source is limited, but remote module provenance still matters.
45 optional expansion modules (user-approved install from GitHub) ... Network access limited to `fetch-exchange-rates` (public API) and user-approved `install-module` from `github.com/avansaber/*`.
Install only modules you need, verify the repository and module name, and re-check permissions and actions after installation.
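One way to check a module source against the `github.com/avansaber/*` limit before anything is fetched, as an added example rather than the skill's own `install-module` code. The allow-list comes from the skill's text; the requirement that the source be pinned to a full commit SHA, and the function names, are this example's own policy. It also covers the lookalike inputs an allow-list check usually gets wrong: userinfo before the host, lookalike hosts, lookalike owner names, path traversal, and branch names instead of commits.

```python
"""Added example, not the skill's code: validate an install-module source
against github.com/avansaber/* (from the review) and require a commit pin
(this example's policy)."""
import re
from urllib.parse import urlsplit

ALLOWED_HOST = "github.com"
ALLOWED_OWNER = "avansaber"
# GitHub repo names: letters, digits, '.', '-', '_'; reject '.' and '..'.
REPO_RE = re.compile(r"^(?!\.{1,2}$)[A-Za-z0-9._-]+$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def parse_module_source(source: str):
    """Return (owner, repo, sha) for an allowed, commit-pinned source.

    Accepts `https://github.com/<owner>/<repo>[.git]@<sha>` or the same
    without the scheme. Anything else raises ValueError with the reason."""
    if "@" not in source:
        raise ValueError("module source must be pinned: <url>@<commit-sha>")
    url, _, ref = source.rpartition("@")          # last '@' separates the pin
    if not SHA_RE.fullmatch(ref):
        raise ValueError("pin must be a full 40-hex commit SHA, not a branch or tag")
    if "://" not in url:
        url = "https://" + url
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("only https is accepted")
    if parts.username or parts.password or parts.port:
        raise ValueError("userinfo and explicit ports are not accepted")
    if parts.hostname != ALLOWED_HOST:              # hostname is lower-cased by urlsplit
        raise ValueError(f"host must be exactly {ALLOWED_HOST}")
    if parts.query or parts.fragment:
        raise ValueError("query strings and fragments are not accepted")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 2:                          # also rejects '..' traversal
        raise ValueError("path must be /<owner>/<repo>")
    owner, repo = segments
    if repo.endswith(".git"):
        repo = repo[:-4]
    if owner.lower() != ALLOWED_OWNER:
        raise ValueError(f"repository must be under github.com/{ALLOWED_OWNER}/")
    if not REPO_RE.fullmatch(repo):
        raise ValueError("repository name contains unexpected characters")
    return owner.lower(), repo, ref


def is_allowed_module_source(source: str) -> bool:
    """Boolean form of parse_module_source for use in a pre-install gate."""
    try:
        parse_module_source(source)
        return True
    except ValueError:
        return False
```

Pinning to a commit rather than a branch matters because the review can only vouch for the source being limited, not for the content of `avansaber/*` staying constant; a branch tip can change between the user's approval and the fetch. After installation, diff the router map and permission list against the pre-install state, since a module can add new actions.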
Installation or setup may run Python code and create or modify ERPClaw local state.
The SKILL.md declares a post-install Python command that initializes the database, while the registry summary says there is no install spec. The command is purpose-aligned but is still local code execution and state creation.
metadata: {"openclaw":{"type":"executable","install":{"post":"python3 scripts/erpclaw-setup/db_query.py --action initialize-database"}...
Install from the expected source, review the setup command if your environment is sensitive, and back up existing ERPClaw data before updates.
Sensitive business data will remain on disk and can influence later ERP actions and reports.
The skill persistently stores ERP data locally. That is expected for an ERP, but the database may contain financial, payroll, HR, tax, customer, supplier, and credential-related records reused across sessions.
Single SQLite database at `~/.openclaw/erpclaw/data.sqlite`
Protect the local account, back up and encrypt the database as appropriate, and avoid letting untrusted users or prompts modify persistent ERP records.
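A consistent, verifiable backup of that database, as an added example that is not ERPClaw's own backup or restore code. It uses sqlite3's online-backup API rather than a plain file copy, because copying a live SQLite file (or one with a `-wal` journal) can produce an unusable snapshot. The database path is the one quoted above; the backup directory, file naming, the owner-only permission, and the demo data are this example's own choices.

```python
"""Added example, not ERPClaw's own code: a consistent snapshot of the
ERPClaw SQLite database using sqlite3's online-backup API, with an
integrity check and a recorded hash to verify before any restore.
DB_PATH is the path quoted in the review; everything else is assumed."""
import hashlib
import sqlite3
import time
from pathlib import Path

DB_PATH = Path.home() / ".openclaw" / "erpclaw" / "data.sqlite"
BACKUP_DIR = DB_PATH.with_name("backups")


def hash_path(snapshot: Path) -> Path:
    """Sidecar file holding the snapshot's SHA-256."""
    return snapshot.with_name(snapshot.name + ".sha256")


def snapshot_sqlite(src: Path, dest_dir: Path) -> Path:
    """Snapshot src into dest_dir and return the snapshot path.

    Connection.backup() copies page by page under SQLite's own locking, so
    the result is consistent even if the ERP writes during the copy. The copy
    is integrity-checked, hashed, and made owner-only because it holds the
    same payroll, tax and credential-related rows as the live database."""
    dest_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime())
    dest = dest_dir / f"data-{stamp}.sqlite"
    conn, out = sqlite3.connect(src), sqlite3.connect(dest)
    try:
        conn.backup(out)
        status = out.execute("PRAGMA integrity_check").fetchone()[0]
    finally:
        out.close()
        conn.close()
    if status != "ok":
        dest.unlink()
        raise RuntimeError(f"snapshot failed integrity_check: {status}")
    digest = hashlib.sha256(dest.read_bytes()).hexdigest()
    hash_path(dest).write_text(f"{digest}  {dest.name}\n")
    dest.chmod(0o600)
    return dest


def verify_snapshot(snapshot: Path) -> bool:
    """Recompute the hash and compare it with the recorded value. Run this
    before handing a snapshot to any restore action."""
    recorded = hash_path(snapshot).read_text().split()[0]
    return hashlib.sha256(snapshot.read_bytes()).hexdigest() == recorded


def create_demo_db(path: Path) -> None:
    """Constructed sample data so the example runs without a real ERPClaw install."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE IF NOT EXISTS invoices "
                 "(id INTEGER PRIMARY KEY, customer TEXT, amount REAL)")
    conn.executemany("INSERT INTO invoices (customer, amount) VALUES (?, ?)",
                     [("Acme Ltd", 1200.00), ("Globex", 845.50)])
    conn.commit()
    conn.close()


def invoice_count(path: Path) -> int:
    """Row count of the demo table, used to confirm the snapshot is readable."""
    conn = sqlite3.connect(path)
    try:
        return conn.execute("SELECT COUNT(*) FROM invoices").fetchone()[0]
    finally:
        conn.close()


if __name__ == "__main__":
    snap = snapshot_sqlite(DB_PATH, BACKUP_DIR)
    print(snap, "verified" if verify_snapshot(snap) else "CORRUPT")
```

The hash sidecar only detects accidental or unsigned tampering; if the backup directory is reachable by the same account that runs the agent, an attacker who can edit the snapshot can edit the sidecar too. Keep the sidecar (or the whole backup set) somewhere the agent cannot write, and encrypt snapshots that leave the machine.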
