ezBookkeeping API Tools
v1.3.0Use ezBookkeeping API Tools script to record new transactions, query transactions, retrieve account information, retrieve categories, retrieve tags, and retr...
⭐ 2· 2.4k·9 current·10 all-time
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the declared requirements (EBKTOOL_SERVER_BASEURL and EBKTOOL_TOKEN) and the shipped script implements API calls for ezBookkeeping endpoints. The requested env vars are appropriate for a client of a self‑hosted API.
Instruction Scope
SKILL.md instructs the agent/user to run scripts/ebktools.sh (Linux/macOS) and references a PowerShell counterpart for Windows; the package only contains the shell script (scripts/ebktools.sh). The README/troubleshooting suggests placing a .env file in the user home directory — the script will therefore read environment variables or allow storing them in ~/.env, which is normal but means it may access files in the user home. Review the full shell script for any unexpected file reads, hidden endpoints, or network calls beyond the provided server base URL.
Install Mechanism
No install spec — instruction-only with an included shell script. No downloads, package installs, or archive extraction are declared.
Credentials
Only EBKTOOL_SERVER_BASEURL and EBKTOOL_TOKEN are required (primaryEnv is EBKTOOL_TOKEN). These are appropriate and proportional for a client that talks to a bookkeeping API; no unrelated credentials or broad environment access is requested.
Persistence & Privilege
always is false and the skill does not request persistent/system‑wide configuration or elevated privileges. The agent may invoke it autonomously (platform default), which is expected for skills.
Assessment
This skill appears coherent for interacting with an ezBookkeeping server: it only needs a server base URL and an API token. Before installing or running it, open and read scripts/ebktools.sh in full (it is included) to verify there are no unexpected network endpoints, telemetry, or code that reads unrelated files. Note the SKILL.md mentions a Windows PowerShell script (scripts/ebktools.ps1) that is not present in the manifest — if you need Windows support, ask the publisher or inspect the missing file. Keep your EBKTOOL_TOKEN scoped/minimal (rotate it if possible) and avoid placing highly privileged credentials in a .env file in a shared/home directory unless you trust the environment. If you find any hardcoded external URLs or code that sends data to hosts other than your EBKTOOL_SERVER_BASEURL, do not run the script and report the finding.Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
EnvEBKTOOL_SERVER_BASEURL, EBKTOOL_TOKEN
Primary envEBKTOOL_TOKEN
latest
ezBookkeeping API Tools
Usage
List all supported commands
Linux / macOS
sh scripts/ebktools.sh list
Windows
scripts\ebktools.ps1 list
Show help for a specific command
Linux / macOS
sh scripts/ebktools.sh help <command>
Windows
scripts\ebktools.ps1 help <command>
Call API
Linux / macOS
sh scripts/ebktools.sh [global-options] <command> [command-options]
Windows
scripts\ebktools.ps1 [global-options] <command> [command-options]
Troubleshooting
If the script reports that the environment variable EBKTOOL_SERVER_BASEURL or EBKTOOL_TOKEN is not set, user can define them as system environment variables, or create a .env file in the user home directory that contains these two variables and place it there.
The meanings of these environment variables are as follows:
| Variable | Required | Description |
|---|---|---|
EBKTOOL_SERVER_BASEURL | Required | ezBookkeeping server base URL (e.g., http://localhost:8080) |
EBKTOOL_TOKEN | Required | ezBookkeeping API token |
Reference
ezBookkeeping: https://ezbookkeeping.mayswind.net
Comments
Loading comments...