← Back to Skills Marketplace

Gusto

Name: Gusto
Author: aiwithabidi

by aiwithabidi · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

387

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install gusto

Description

Gusto payroll & HR — manage employees, payroll, benefits, and tax forms via REST API

README (SKILL.md)

💰 Gusto

Gusto payroll & HR — manage employees, payroll, benefits, and tax forms via REST API

Requirements

Variable	Required	Description
`GUSTO_ACCESS_TOKEN`	✅	OAuth access token
`GUSTO_COMPANY_ID`	✅	Company UUID

Quick Start

# Get company info
python3 {{baseDir}}/scripts/gusto.py company

# List locations
python3 {{baseDir}}/scripts/gusto.py locations

# List employees
python3 {{baseDir}}/scripts/gusto.py employees

# Get employee
python3 {{baseDir}}/scripts/gusto.py employee-get id \x3Cvalue>

# Create employee
python3 {{baseDir}}/scripts/gusto.py employee-create --first_name \x3Cvalue> --last_name \x3Cvalue> --email \x3Cvalue>

# List payrolls
python3 {{baseDir}}/scripts/gusto.py payrolls --start_date \x3Cvalue> --end_date \x3Cvalue>

# Get payroll
python3 {{baseDir}}/scripts/gusto.py payroll-get id \x3Cvalue>

# List pay schedules
python3 {{baseDir}}/scripts/gusto.py pay-schedules

All Commands

Command	Description
`company`	Get company info
`locations`	List locations
`employees`	List employees
`employee-get`	Get employee
`employee-create`	Create employee
`payrolls`	List payrolls
`payroll-get`	Get payroll
`pay-schedules`	List pay schedules
`compensations`	List compensations
`benefits`	List benefits
`employee-benefits`	List employee benefits
`contractors`	List contractors
`contractor-payments`	List contractor payments
`tax-forms`	List tax forms
`garnishments`	List garnishments

Output Format

All commands output JSON by default. Add --human for readable formatted output.

python3 {{baseDir}}/scripts/gusto.py \x3Ccommand> --human

Script Reference

Script	Description
`{{baseDir}}/scripts/gusto.py`	Main CLI — all commands in one tool

Credits

Built by M. Abidi | agxntsix.ai YouTube | GitHub Part of the AgxntSix Skill Suite for OpenClaw agents.

📅 Need help setting up OpenClaw for your business? Book a free consultation

Usage Guidance

This skill largely matches its stated purpose, but take these precautions before using it with real payroll credentials: 1) Review the script locally—get_env() will open ~/.openclaw/workspace/.env (or a WORKSPACE path) to look for variables; make sure that file does not contain unrelated secrets you don't want the skill accessing. 2) The code contains a likely bug: many API paths keep the literal '{company_id}' placeholder instead of inserting GUSTO_COMPANY_ID; test in a safe environment first. 3) Confirm the GUSTO_ACCESS_TOKEN scope is least-privilege (read-only if you only need reads) and prefer a test account/token. 4) Note the skill's homepage is a third-party developer site (agxntsix.ai), not Gusto's official domain—verify trustworthiness of the publisher before providing sensitive credentials. 5) If you must use it, run it in an isolated environment (limited token, container, or throwaway account) until you are satisfied it behaves as expected.

Capability Analysis

Type: OpenClaw Skill Name: gusto Version: 1.0.0 The skill is classified as suspicious due to two vulnerabilities found in `scripts/gusto.py`. First, the `req` function contains logic (`if path.startswith("http"): url = path`) that would allow Server-Side Request Forgery (SSRF) if a user-controlled path starting with 'http' were passed to it, even though the current command implementations do not directly expose this. Second, the `try_json` function, used for processing user input like `first_name` and `email`, could lead to data type confusion or API misuse if a user provides valid JSON strings instead of simple text, potentially sending unintended data structures to the Gusto API. Additionally, many commands in `scripts/gusto.py` contain a critical functional bug where the `company_id` variable is undefined, leading to `NameError` and making most API calls non-functional.

Capability Assessment

✓ Purpose & Capability

Name, description, declared env vars (GUSTO_ACCESS_TOKEN, GUSTO_COMPANY_ID) and the included CLI script align with a Gusto REST API integration—these credentials are plausible and necessary for the stated purpose.

ℹ Instruction Scope

SKILL.md only instructs the agent to run the included Python CLI with the declared env vars, which is appropriate. The script itself, however, will attempt to read a .env file from WORKSPACE or ~/.openclaw/workspace if the env var is not set—this file-read behavior is not documented in SKILL.md and broadens the scope of data the skill will access.

✓ Install Mechanism

No install spec; the skill is instruction + a single Python script using only the stdlib. This is low-risk compared with arbitrary downloads or external installers.

⚠ Credentials

The skill requires only two credentials, which is proportionate. However, get_env() will also look for those variables inside a .env file located under WORKSPACE or ~/.openclaw/workspace—a location that may contain other unlisted secrets. The SKILL.md does not declare WORKSPACE or mention the .env lookup. Also, the script uses GUSTO_COMPANY_ID in code but fails to substitute company_id into path placeholders (a functional bug), which could result in malformed requests if not fixed.

✓ Persistence & Privilege

The skill does not request permanent 'always' inclusion, does not install system-wide components, and does not modify other skills' config. It runs as an on-demand CLI tool.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install gusto
After installation, invoke the skill by name or use /gusto
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release of Gusto payroll & HR skill. - Provides CLI commands for managing employees, payroll, benefits, and tax forms using Gusto's REST API. - Requires GUSTO_ACCESS_TOKEN and GUSTO_COMPANY_ID environment variables. - Outputs JSON by default, with optional human-readable formatting. - No external dependencies; works with Python 3.10+ standard library. - Includes documentation for all commands and quick start examples.

Metadata

Slug gusto

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Gusto?

Gusto payroll & HR — manage employees, payroll, benefits, and tax forms via REST API. It is an AI Agent Skill for Claude Code / OpenClaw, with 387 downloads so far.

How do I install Gusto?

Run "/install gusto" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Gusto free?

Yes, Gusto is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Gusto support?

Gusto is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Gusto?

It is built and maintained by aiwithabidi (@aiwithabidi); the current version is v1.0.0.

More Skills