Quickbooks mcp
Pass
Audited by VirusTotal on May 5, 2026.
Overview
Type: OpenClaw Skill
Name: maverick-quickbooks-mcp
Version: 1.0.0
The skill bundle provides a QuickBooks integration using the mcporter MCP wrapper. It includes scripts (init-mcporter.sh, invoke.sh) to securely seed OAuth credentials into a local vault using environment variables, employing security best practices such as using flock for concurrency and passing secrets to jq via environment variables to prevent exposure in process listings. No evidence of malicious intent, data exfiltration, or harmful prompt injection was found in the code or documentation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You cannot verify from these artifacts which QuickBooks server or tools will receive OAuth-backed financial requests.
The reviewed package does not include the MCP manifest, endpoint details, or tool schemas for the QuickBooks provider, yet it still points the agent to runtime QuickBooks tools.
no skill-local `mcporter.json` is registered for QuickBooks yet... In current runtime, inspect the available QuickBooks tools first
Use only after the QuickBooks MCP manifest/provider endpoint and tool schemas are registered and reviewed; verify provider provenance before granting production QuickBooks access.
Sensitive accounting data may flow to a runtime provider that is not reviewable from this package alone.
The data flow names an active tool provider but the reviewed artifacts do not identify that provider, its endpoint, or its permission boundary.
Runtime tool calls, if present in the active OpenClaw environment, use Maverick-provisioned OAuth credentials and expose QuickBooks customer, invoice, payment, expense, vendor, and report data to the active tool provider.
Confirm the active QuickBooks provider identity, OAuth scopes, logging/retention behavior, and tool permissions before using the skill with real company books.
Anyone with access to the local mcporter credentials vault may be able to use the stored QuickBooks authorization.
The initializer persists QuickBooks OAuth access and refresh tokens in mcporter's local credentials vault, which is expected for OAuth MCP operation but is sensitive credential material.
mcp_vault="${HOME}/.mcporter/credentials.json" ... tokens: {access_token: env.mcp_access, refresh_token: env.mcp_refresh, token_type: "Bearer"}
Protect the host account and ~/.mcporter directory, use least-privilege QuickBooks scopes where available, and revoke the integration if the environment is no longer trusted.
Mistaken or overbroad tool use could alter invoices, payments, expenses, vendors, or accounting records.
The skill explicitly supports high-impact accounting mutations but also discloses the risk and requires user confirmation.
Write operations that create, update, delete, send, void, or sync customers, invoices, payments, expenses, vendors, and accounting records can affect financial books. Confirm clear user intent before invoking write tools
Keep the skill in read-only use unless a specific write is requested; review current records and confirm exact changes before allowing writes.
A future mcporter package change could affect how this skill runs or handles credentials.
The dependency is purpose-aligned and the skill discloses it, but installing the latest unpinned package leaves behavior dependent on future npm releases.
Auto-installed via `npm install -g --ignore-scripts mcporter`... The install spec uses unpinned `mcporter` (npm `latest`)
Pin mcporter to a reviewed version in controlled environments.
