Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Accounting Tool

v1.0.0

Financial management with invoices, expenses, job costing, P&L reports, and QuickBooks sync — built for AI agents.

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for cameron48/mcf-accounting-tool.

Install the skill "Accounting Tool" (cameron48/mcf-accounting-tool) from ClawHub.
Skill page: https://clawhub.ai/cameron48/mcf-accounting-tool
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install mcf-accounting-tool

ClawHub CLI

npx clawhub@latest install mcf-accounting-tool

Security Scan

VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)

[!] Purpose & Capability
The name/description match the listed endpoints (invoices, expenses, P&L, QuickBooks sync). However the skill declares no required credentials or env vars while offering QuickBooks sync and paid API access — both normally require explicit auth (QuickBooks OAuth tokens, API keys, or wallet signing). The absence of any declared credential or auth flow is inconsistent with the capabilities.
[!] Instruction Scope
SKILL.md only lists endpoints, gateway, and that x402 payment is required. It does not describe how to authenticate to the gateway, how to perform the x402 payment (wallet, signing, or delegated payment service), nor how QuickBooks sync authenticates. This gap could lead an agent to request or handle sensitive secrets (e.g., OAuth tokens, private keys) or to attempt on-chain payments without safe instructions.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk and there is no package download risk.
[!] Credentials
No env vars or primary credential are declared, yet advertised features (QuickBooks sync, paid gateway requiring x402) normally require credentials or wallet access. The declared requirement set is therefore underspecified and disproportionate to the claimed functionality.
Persistence & Privilege
Default privileges (not always, model invocation allowed) and no install make this low-privilege in terms of persistence; no evidence it attempts to modify other skills or system config.
Scan Findings in Context
[no-findings] unexpected: Regex scanner found nothing because this is instruction-only with a single SKILL.md. That absence is not reassuring here because the SKILL.md omits expected auth/payment details for its advertised features.
What to consider before installing
Before installing or using this skill, ask the maintainer for clear docs on authentication and payment flows: (1) How does QuickBooks sync authenticate? (expect OAuth or API tokens — never paste private keys into chat). (2) How are x402 payments executed and signed? Will the skill ask the agent to sign transactions or provide wallet private keys? (3) Verify the gateway domain (gateway.mcfagentic.com) and the business behind it; avoid sending credentials or private keys to unknown services. If you plan to let an agent act autonomously, restrict its ability to request/store secrets and test in an isolated environment. If these questions aren't answered satisfactorily, treat the skill as unsafe to grant access to any credentials or wallets.

latest: vk972d2cqr6pkq7t0qpwpmhxtsh843x4p
107 downloads, 0 stars, 1 version
Updated 3w ago
v1.0.0
MIT-0

Accounting Tool

Give your AI agent full control over financial operations. Create and send invoices, log expenses, track job costs, and pull P&L reports — all through simple API calls. Sync everything to QuickBooks when you need it in your traditional accounting stack. Ideal for agents managing client billing, tracking project profitability, or automating month-end reporting without touching a spreadsheet.

Authentication

All endpoints require x402 payment (USDC on Base L2). Send a request without payment to receive pricing info in the 402 response.

Endpoints

| Method | Path | Price | Description |
|--------|------|-------|-------------|
| GET | /api/accounting/stats | $0.001 | Financial overview |
| GET | /api/accounting/invoices | $0.001 | List invoices |
| POST | /api/accounting/invoices | $0.01 | Create invoice |
| GET | /api/accounting/invoices/:id | $0.001 | Get invoice details |
| PATCH | /api/accounting/invoices/:id/send | $0.05 | Send invoice |
| PATCH | /api/accounting/invoices/:id/pay | $0.01 | Mark invoice paid |
| GET | /api/accounting/expenses | $0.001 | List expenses |
| POST | /api/accounting/expenses | $0.01 | Create expense |
| GET | /api/accounting/job-costs | $0.001 | List job costs |
| POST | /api/accounting/job-costs | $0.01 | Create job cost entry |
| GET | /api/accounting/job-costs/summary | $0.01 | Job cost summary |
| GET | /api/accounting/reports/pnl | $0.05 | P&L report |
| GET | /api/accounting/reports/revenue-by-month | $0.05 | Revenue by month |
| GET | /api/accounting/reports/expenses-by-category | $0.05 | Expenses by category |
| POST | /api/accounting/quickbooks/sync | $0.10 | Sync with QuickBooks |
| GET | /api/accounting/quickbooks/sync-log | $0.001 | QuickBooks sync log |
