← Back to Skills Marketplace

Xero Cli

Name: Xero Cli
Author: teddyengel

by TeddyEngel · GitHub ↗ · v1.0.7 · MIT-0

cross-platform ✓ Security Clean

350

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install xero-cli

Description

Interact with Xero accounting software - manage invoices, contacts, accounts, payments, and bank transactions

Usage Guidance

This skill appears to do what it says: it needs your Xero client ID/secret, will open a browser for OAuth, run a temporary local server on port 5001, and store tokens under the skill's data/tokens.json. Before installing or running: (1) confirm you trust the source (repo: https://github.com/TeddyEngel/XeroCli), (2) be aware that 'npx -y bun' will fetch/execute a runtime package at execution time — consider running in an isolated environment or container if you want extra safety, (3) understand the skill will write tokens to the skill directory (revoke the Xero app or clear tokens if you stop using it), and (4) if you need stricter control, inspect the included source files yourself (they are present) and/or change XERO_REDIRECT_URI to a value you control. If anything is unclear, run the OAuth step manually outside the agent or test in a throwaway workspace first.

Capability Analysis

Type: OpenClaw Skill Name: xero-cli Version: 1.0.7 The xero-cli skill bundle is a legitimate tool for interacting with the Xero accounting API. It uses the official 'xero-node' SDK and implements a standard OAuth2 flow with a local callback server (scripts/auth/oauth-server.ts) and local token storage (scripts/auth/token-store.ts). The commands provided in the scripts/commands directory align perfectly with the stated purpose of managing invoices, contacts, and bank transactions, and there is no evidence of data exfiltration, malicious execution, or prompt injection.

Capability Assessment

✓ Purpose & Capability

Name/description match the code and required environment variables. The skill only requests XERO_CLIENT_ID and XERO_CLIENT_SECRET, which are exactly what's needed to authenticate to the Xero API. The included commands operate on invoices, contacts, accounts, payments and bank transactions via the Xero SDK — consistent with the description.

ℹ Instruction Scope

The SKILL.md instructs the agent to run the repo's TypeScript CLI via 'npx -y bun ${SKILL_DIR}/scripts/cli.ts'. At runtime the code will: open a browser for OAuth, start a local Express server on port 5001 to receive the callback, call Xero's API endpoints, and read/write a local token file (data/tokens.json). These actions are coherent with performing OAuth and using the Xero API, but they do give the skill the ability to bind a local port, open the browser, and write files under the skill directory. The code also reads optional env vars (XERO_REDIRECT_URI, XERO_SCOPES) beyond the two declared required env vars.

ℹ Install Mechanism

There is no formal install spec in registry metadata, but SKILL.md uses 'npx -y bun' to execute the TypeScript scripts. That will fetch and execute a runtime package via npx (npm). This is a common pattern but means the agent will download and run a package at execution time rather than relying on preinstalled, audited binaries. The repository includes full source code, so code will run from the checked-in files.

✓ Credentials

Only XERO_CLIENT_ID and XERO_CLIENT_SECRET are required and are appropriate for a Xero integration. The code also checks optional env vars (XERO_REDIRECT_URI, XERO_SCOPES) which are reasonable for customizing OAuth behavior. No unrelated secrets or platform credentials are requested.

ℹ Persistence & Privilege

The skill stores OAuth tokens to a local file (data/tokens.json) inside the skill directory and can refresh tokens. It also starts a temporary HTTP server on port 5001 during authentication. 'always' is false and the skill is user-invocable, so it will not be force-enabled globally. The file writes and port binding are expected for an OAuth client but are persistent effects you should be aware of.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install xero-cli
After installation, invoke the skill by name or use /xero-cli
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.7

- Fixed issue with using old xero scopes - Clarified the setup instructions for obtaining Xero credentials by noting which OAuth2 scopes should be added on Xero's app configuration page (or that scopes will be requested during OAuth). - No other changes detected.

v1.0.6

- Documentation formatting updated in SKILL.md for improved readability. - No code or functionality changes; all commands and examples remain the same. - Section headers restructured and redundant separators removed for clarity.

v1.0.5

- Added a "Security Notes" section outlining token storage and environment variable usage. - Clarified where OAuth tokens are saved, emphasizing the need to treat token files as sensitive credentials. - Explained the use of optional environment variables (`XERO_REDIRECT_URI` and `XERO_SCOPES`). - Reassured users that all code resides in the `scripts/` directory for easy inspection.

v1.0.4

Major change: Migrated to standalone Bun-based script CLI. All core Xero command scripts are now included locally. - Added 15 script files for authentication, CLI entrypoint, and all key Xero command groups. - Now runs via Bun with local scripts instead of an npm package. - Updated SKILL.md with new run instructions using Bun and local script directory. - Maintains full coverage of invoices, contacts, accounts, payments, bank transactions, allocations, and authentication commands.

v1.0.3

- Major documentation update: SKILL.md reorganized and streamlined for easier setup, authentication, and command usage. - Added detailed Xero API credential instructions and OpenClaw environment setup guide. - Migrated command references and examples to version 1.0.3 in all snippets. - Included clear guidance for error troubleshooting and agent steps if credentials are missing. - No functional or CLI changes to code detected; this release focuses on documentation improvements.

v1.0.2

- Added homepage and source links to skill metadata. - Updated all usage examples to pin the CLI version explicitly (using npx -y [email protected]). - No changes to CLI commands or functionality.

v1.0.1

- Added explicit npm dependency ("xero-skill-openclaw") to metadata for improved environment setup. - No user-facing command or functionality changes.

v1.0.0

Initial release of xero-cli – manage key Xero accounting functions from the command line. - Authenticate with Xero and manage multiple organizations (tenants). - Create, update, and filter invoices, payments, and bank transactions. - Manage contacts, accounts, overpayments, prepayments, and allocations. - All commands run directly via `npx` and output JSON. - Concise cheat-sheets and example workflows included for common accounting tasks.

Metadata

Slug xero-cli

Version 1.0.7

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 8

Frequently Asked Questions

What is Xero Cli?

Interact with Xero accounting software - manage invoices, contacts, accounts, payments, and bank transactions. It is an AI Agent Skill for Claude Code / OpenClaw, with 350 downloads so far.

How do I install Xero Cli?

Run "/install xero-cli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Xero Cli free?

Yes, Xero Cli is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Xero Cli support?

Xero Cli is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Xero Cli?

It is built and maintained by TeddyEngel (@teddyengel); the current version is v1.0.7.

More Skills