← 返回 Skills 市场
LedgerAI
作者
Jbennett111
· GitHub ↗
· v1.0.0
380
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install ledgerai
功能描述
AI bookkeeping via LedgerAI API — invoice processing, expense categorization, financial reports, receipt scanning. Use when user needs automated bookkeeping,...
使用说明 (SKILL.md)
LedgerAI
AI bookkeeping API by Voss Consulting Group.
Setup
Set LEDGERAI_API_KEY or LEDGERAI_EMAIL for auto-signup (free, no credit card).
curl -X POST https://anton.vosscg.com/v1/keys -H 'Content-Type: application/json' -d '{"email":"[email protected]"}'
Usage
curl -X POST https://anton.vosscg.com/v1/invoices/process \
-H "Authorization: Bearer $LEDGERAI_API_KEY" \
-H "Content-Type: application/json" \
-d '{"url": "https://example.com/invoice.pdf", "action": "parse"}'
Capabilities
- Invoice parsing and data extraction
- Expense auto-categorization
- Financial report generation
- Receipt scanning and OCR
API Reference
POST /v1/invoices/process— Process invoicePOST /v1/expenses/categorize— Categorize expensesPOST /v1/reports/generate— Generate financial reportPOST /v1/keys— Get API key (email-only for free tier)GET /v1/health— Health check
安全使用建议
This skill will send invoices, receipts, or URLs you provide to an external API (default: https://anton.vosscg.com). Before installing or using it: (1) confirm who runs anton.vosscg.com / Voss Consulting Group and review their privacy/security policy; (2) don't send real sensitive financial documents until you trust the vendor — test with non-sensitive examples; (3) be aware you must provide LEDGERAI_API_KEY or LEDGERAI_EMAIL (the skill metadata fails to declare these) and LEDGERAI_API_URL can be changed to point anywhere (which could be used to exfiltrate data if misconfigured); (4) prefer creating a dedicated account/API key with limited scope and monitor network activity; (5) ask the publisher for provenance (homepage, company info) or request that required env vars and primary credential be declared in the registry before trusting production data.
功能分析
Type: OpenClaw Skill
Name: ledgerai
Version: 1.0.0
The skill is classified as suspicious due to a critical shell injection vulnerability in `scripts/forge-client.sh`. The script directly inserts user-provided input (`$1`) into the `curl -d` argument without proper sanitization, allowing an attacker to execute arbitrary shell commands by crafting malicious JSON input. While the skill's stated purpose and external communication with `anton.vosscg.com` appear legitimate for an AI bookkeeping service, this vulnerability poses a significant security risk.
能力评估
Purpose & Capability
Functionality described (invoice parsing, expense categorization, reports) matches the included script and SKILL.md examples. However the package metadata lists no required environment variables or primary credential even though the runtime expects LEDGERAI_API_KEY or LEDGERAI_EMAIL (and optionally LEDGERAI_API_URL). That omission is an incoherence between claimed requirements and actual runtime needs. Also the API base used (https://anton.vosscg.com) is not documented in the skill metadata or linked to a verified vendor/homepage.
Instruction Scope
Instructions and the script instruct the agent to POST invoice/receipt data and URLs to an external API and to auto-signup by POSTing an email. This stays within the stated bookkeeping purpose, but it does mean any invoices/receipts or URLs you provide will be transmitted to the remote endpoint. The instructions do not scope reading local files, but they rely on environment variables that are not declared in metadata.
Install Mechanism
No install spec; this is effectively instruction-only with a small helper script included. Nothing is downloaded or installed from arbitrary URLs during install, which is low risk from an install-mechanism perspective.
Credentials
The skill requires credentials (LEDGERAI_API_KEY or LEDGERAI_EMAIL) and supports overriding LEDGERAI_API_URL, but the registry metadata lists no required env vars or a primary credential. The ability to override API endpoint via LEDGERAI_API_URL means an operator could redirect sensitive financial data to an arbitrary endpoint. Requiring an API key/email is proportionate for a remote bookkeeping service, but the metadata mismatch and endpoint override are notable risks that are not justified in the package manifest.
Persistence & Privilege
No persistent privileges requested (always:false). The skill does not claim to modify other skills or system-wide settings. It only contains a helper script and runtime instructions.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ledgerai - 安装完成后,直接呼叫该 Skill 的名称或使用
/ledgerai触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release — AI bookkeeping API client (invoices, expenses, reports). Free tier: 100 req/day.
元数据
常见问题
LedgerAI 是什么?
AI bookkeeping via LedgerAI API — invoice processing, expense categorization, financial reports, receipt scanning. Use when user needs automated bookkeeping,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 380 次。
如何安装 LedgerAI?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ledgerai」即可一键安装,无需额外配置。
LedgerAI 是免费的吗?
是的,LedgerAI 完全免费(开源免费),可自由下载、安装和使用。
LedgerAI 支持哪些平台?
LedgerAI 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 LedgerAI?
由 Jbennett111(@jbennett111)开发并维护,当前版本 v1.0.0。
推荐 Skills