ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ezBookkeeping API Tools

Use ezBookkeeping API Tools script to record new transactions, query transactions, retrieve account information, retrieve categories, retrieve tags, and retr...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 2.1k · 7 current installs · 8 all-time installs
by@mayswind
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual artifacts: the script implements many ezBookkeeping API endpoints and the declared env vars (EBKTOOL_SERVER_BASEURL, EBKTOOL_TOKEN) are exactly what a client tool needs.
Instruction Scope
SKILL.md instructs running scripts/ebktools.sh and mentions creating a .env in the user home containing the two variables. That is in-scope for a CLI client, but storing an API token in a plaintext ~/.env file is sensitive and the script includes endpoints that can list/revoke tokens and modify accounts — review the script before use.
Install Mechanism
No install spec — the skill is delivered as a shell script and runtime instructions. Nothing is downloaded or written by an installer.
Credentials
Only two environment variables are required and both are appropriate. However EBKTOOL_TOKEN is a powerful credential (the script exposes endpoints for session/token management and record changes), so the token should be scoped/minimized and stored securely.
Persistence & Privilege
always is false and the skill does not request system-wide persistence or modify other skills. It runs only when invoked.
Assessment
This appears to be a legitimate client for a self-hosted ezBookkeeping instance, but take these precautions before installing: - Review scripts/ebktools.sh yourself to confirm it only calls your EBK server and does not send data elsewhere. - Prefer not to store EBKTOOL_TOKEN in a plaintext ~/.env; use a secure credential store if possible. - Create an API token with the minimum scope needed (avoid using an all-powerful account token). The script can list/revoke tokens and modify accounts/transactions, so a compromised token could be destructive. - Ensure EBKTOOL_SERVER_BASEURL points to your trusted server (e.g., http://localhost:8080 or your self-hosted instance) — do not use unknown third-party endpoints. - If you are uncertain about the source (homepage is missing), run the script in a sandbox or review the full file contents before use.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.2.0
Download zip
latestvk97d576v2gxnam0039kvafvfcd829r4j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvEBKTOOL_SERVER_BASEURL, EBKTOOL_TOKEN
Primary envEBKTOOL_TOKEN

SKILL.md

ezBookkeeping API Tools

Usage

List all supported commands

Linux / macOS

sh scripts/ebktools.sh list

Windows

scripts\ebktools.ps1 list

Show help for a specific command

Linux / macOS

sh scripts/ebktools.sh help <command>

Windows

scripts\ebktools.ps1 help <command>

Call API

Linux / macOS

sh scripts/ebktools.sh [global-options] <command> [command-options]

Windows

scripts\ebktools.ps1 [global-options] <command> [command-options]

Troubleshooting

If the script reports that the environment variable EBKTOOL_SERVER_BASEURL or EBKTOOL_TOKEN is not set, user can define them as system environment variables, or create a .env file in the user home directory that contains these two variables and place it there.

The meanings of these environment variables are as follows:

VariableRequiredDescription
EBKTOOL_SERVER_BASEURLRequiredezBookkeeping server base URL (e.g., http://localhost:8080)
EBKTOOL_TOKENRequiredezBookkeeping API token

Reference

ezBookkeeping: https://ezbookkeeping.mayswind.net

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…