ClawHub

Wafeq API Reference

v1.1.0

Complete Wafeq accounting & e-invoicing API reference for the Middle East (UAE, Saudi Arabia). Use when building integrations with Wafeq, creating/managing i...

0· 282·0 current·0 all-time
byYordi de Kleijn@yordilorenzo·duplicate of @yordilorenzo/wafeq
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, documentation files, and the single required environment variable (WAFEQ_API_KEY) all align with a Wafeq API reference skill. There are no unrelated credentials, binaries, or install steps requested.
Instruction Scope
SKILL.md stays on-topic (how to call Wafeq endpoints, sample workflows, headers). One mismatch: it suggests validating setup by running scripts/setup.sh from the plugin root, but this bundle contains no scripts — do not run arbitrary scripts from unknown sources. Otherwise the instructions do not request unrelated system data or extra credentials.
Install Mechanism
No install spec and no code files — instruction-only — so nothing is written to disk by an installer. This is the lowest-risk install profile.
Credentials
Only WAFEQ_API_KEY is required, which is appropriate. However SKILL.md documents storing the key in ~/.openclaw/openclaw.json (skills.entries.wafeq-api.apiKey), which persists the secret to disk; evaluate the security of that file/location and prefer least-privilege or short-lived keys when possible.
Persistence & Privilege
always is false and there are no requests to modify other skills or system settings. Note: model invocation is enabled by default — if you provide the API key the agent (and this skill) can make Wafeq API calls autonomously, which is expected but increases the importance of using a restricted key.
Assessment
This appears to be a straightforward API reference that legitimately asks only for a Wafeq API key. Before installing/providing secrets: 1) Prefer creating a least-privileged or test API key (scoped or limited) rather than a full-production key. 2) If you must store the key in ~/.openclaw/openclaw.json, ensure that file is protected (filesystem permissions) and that you understand the persistence risk; consider using an OS secret manager instead. 3) Do not run scripts from unknown sources — SKILL.md refers to scripts/setup.sh but the package contains no scripts; if an install or README later asks you to run a downloaded script, review it first. 4) Because the agent can call the API autonomously, decide whether to allow autonomous use or to require user confirmation in your agent settings. 5) If you need higher assurance, verify the skill's provenance (who published it) or prefer installing an official integration from Wafeq or a trusted publisher. If any of these checks fail or you are unsure about the publisher, use a sandbox/test account/key first and rotate the key after testing.

Like a lobster shell, security has layers — review code before you run it.

latestvk971dzx3tvh0se1rt76d1v7z6581tjj3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧾 Clawdis
EnvWAFEQ_API_KEY
Primary envWAFEQ_API_KEY

Comments