Xero Cli
Warn
Audited by ClawScan on May 18, 2026.
Overview
The skill appears purpose-built for Xero, but it gives the agent broad, persistent ability to view and change accounting records, so it deserves review before use.
Install only if you are comfortable giving the agent access to your Xero accounting data. Treat it like a financial write-access tool: confirm every invoice, payment, bank transaction, allocation, or voiding action before execution; protect the local token file; and revoke or log out when finished.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or over-broad agent action could create, authorize, void, or record financial transactions in the connected Xero organization.
The skill documents high-impact accounting mutations, including authorizing invoices and voiding payments, but the artifacts do not show a required confirmation, dry run, or approval gate before the agent can invoke those commands.
| Command | Effect |
| --- | --- |
| `invoices create ...` | Create invoice |
| `invoices update <id> --status AUTHORISED` | Update status |
| `payments create ...` | Create payment |
| `payments delete <id>` | Void payment |
Use this skill only with explicit per-action approval for create/update/delete/authorize/void/reconcile operations; start with read-only commands where possible and verify tenant, account, amounts, and dates before any mutation.
Anyone or any agent process with access to the configured credentials and tokens may be able to read and modify sensitive Xero accounting information.
The skill requests persistent OAuth access and broad Xero accounting scopes. This is aligned with the advertised Xero management features, but it grants substantial authority over accounting data.
```js
const XERO_SCOPES = process.env.XERO_SCOPES || 'openid offline_access accounting.contacts accounting.settings accounting.invoices accounting.payments accounting.banktransactions accounting.attachments';
```
Use a dedicated Xero app and least-privileged account where possible, review requested scopes, and revoke the app from Xero when it is no longer needed.
A local user or process that can read the token file may be able to reuse the Xero session until the token is revoked or cleared.
The OAuth token set is written to a local JSON file. Persistent token storage is expected for an OAuth CLI, but the artifact does not show encryption or restrictive file permissions.
```js
this.tokenPath = tokenPath || path.join(__dirname, '../../data/tokens.json');
...
fs.writeFileSync(this.tokenPath, JSON.stringify(data, null, 2), 'utf-8');
```
Protect the local OpenClaw/skill directory, avoid shared machines for this skill, and run `auth logout` or revoke the Xero app when access is no longer needed.
Runtime behavior may depend on the package resolved by `npx` and the local dependency environment.
The documented execution path uses `npx -y` to run Bun for the CLI. This is central to the skill, but it can fetch or execute package tooling outside a pinned install spec.
```sh
npx -y bun ${SKILL_DIR}/scripts/cli.ts <command>
```
Prefer a pinned Bun/runtime version and audited dependencies, or install dependencies from the skill source before using it for financial operations.
