← Back to Skills Marketplace
LedgerAI
by
Jbennett111
· GitHub ↗
· v1.0.0
380
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install ledgerai
Description
AI bookkeeping via LedgerAI API — invoice processing, expense categorization, financial reports, receipt scanning. Use when user needs automated bookkeeping,...
README (SKILL.md)
LedgerAI
AI bookkeeping API by Voss Consulting Group.
Setup
Set LEDGERAI_API_KEY or LEDGERAI_EMAIL for auto-signup (free, no credit card).
curl -X POST https://anton.vosscg.com/v1/keys -H 'Content-Type: application/json' -d '{"email":"[email protected]"}'
Usage
curl -X POST https://anton.vosscg.com/v1/invoices/process \
-H "Authorization: Bearer $LEDGERAI_API_KEY" \
-H "Content-Type: application/json" \
-d '{"url": "https://example.com/invoice.pdf", "action": "parse"}'
Capabilities
- Invoice parsing and data extraction
- Expense auto-categorization
- Financial report generation
- Receipt scanning and OCR
API Reference
POST /v1/invoices/process— Process invoicePOST /v1/expenses/categorize— Categorize expensesPOST /v1/reports/generate— Generate financial reportPOST /v1/keys— Get API key (email-only for free tier)GET /v1/health— Health check
Usage Guidance
This skill will send invoices, receipts, or URLs you provide to an external API (default: https://anton.vosscg.com). Before installing or using it: (1) confirm who runs anton.vosscg.com / Voss Consulting Group and review their privacy/security policy; (2) don't send real sensitive financial documents until you trust the vendor — test with non-sensitive examples; (3) be aware you must provide LEDGERAI_API_KEY or LEDGERAI_EMAIL (the skill metadata fails to declare these) and LEDGERAI_API_URL can be changed to point anywhere (which could be used to exfiltrate data if misconfigured); (4) prefer creating a dedicated account/API key with limited scope and monitor network activity; (5) ask the publisher for provenance (homepage, company info) or request that required env vars and primary credential be declared in the registry before trusting production data.
Capability Analysis
Type: OpenClaw Skill
Name: ledgerai
Version: 1.0.0
The skill is classified as suspicious due to a critical shell injection vulnerability in `scripts/forge-client.sh`. The script directly inserts user-provided input (`$1`) into the `curl -d` argument without proper sanitization, allowing an attacker to execute arbitrary shell commands by crafting malicious JSON input. While the skill's stated purpose and external communication with `anton.vosscg.com` appear legitimate for an AI bookkeeping service, this vulnerability poses a significant security risk.
Capability Assessment
Purpose & Capability
Functionality described (invoice parsing, expense categorization, reports) matches the included script and SKILL.md examples. However the package metadata lists no required environment variables or primary credential even though the runtime expects LEDGERAI_API_KEY or LEDGERAI_EMAIL (and optionally LEDGERAI_API_URL). That omission is an incoherence between claimed requirements and actual runtime needs. Also the API base used (https://anton.vosscg.com) is not documented in the skill metadata or linked to a verified vendor/homepage.
Instruction Scope
Instructions and the script instruct the agent to POST invoice/receipt data and URLs to an external API and to auto-signup by POSTing an email. This stays within the stated bookkeeping purpose, but it does mean any invoices/receipts or URLs you provide will be transmitted to the remote endpoint. The instructions do not scope reading local files, but they rely on environment variables that are not declared in metadata.
Install Mechanism
No install spec; this is effectively instruction-only with a small helper script included. Nothing is downloaded or installed from arbitrary URLs during install, which is low risk from an install-mechanism perspective.
Credentials
The skill requires credentials (LEDGERAI_API_KEY or LEDGERAI_EMAIL) and supports overriding LEDGERAI_API_URL, but the registry metadata lists no required env vars or a primary credential. The ability to override API endpoint via LEDGERAI_API_URL means an operator could redirect sensitive financial data to an arbitrary endpoint. Requiring an API key/email is proportionate for a remote bookkeeping service, but the metadata mismatch and endpoint override are notable risks that are not justified in the package manifest.
Persistence & Privilege
No persistent privileges requested (always:false). The skill does not claim to modify other skills or system-wide settings. It only contains a helper script and runtime instructions.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ledgerai - After installation, invoke the skill by name or use
/ledgerai - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — AI bookkeeping API client (invoices, expenses, reports). Free tier: 100 req/day.
Metadata
Frequently Asked Questions
What is LedgerAI?
AI bookkeeping via LedgerAI API — invoice processing, expense categorization, financial reports, receipt scanning. Use when user needs automated bookkeeping,... It is an AI Agent Skill for Claude Code / OpenClaw, with 380 downloads so far.
How do I install LedgerAI?
Run "/install ledgerai" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is LedgerAI free?
Yes, LedgerAI is completely free (open-source). You can download, install and use it at no cost.
Which platforms does LedgerAI support?
LedgerAI is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created LedgerAI?
It is built and maintained by Jbennett111 (@jbennett111); the current version is v1.0.0.
More Skills