nelsongallardo

Ledgi

Author: nelsongallardo · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 232
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install ledgi
Description
Interact with the user's Ledgi personal finance data. Use when the user asks about their accounts, balances, net worth, holdings, investments, ISA allowances...
Usage instructions (SKILL.md)

Ledgi CLI Skill

You can interact with the user's Ledgi personal finance tracker using the ledgi CLI. All financial data is accessed through the Ledgi Agent API.

Prerequisites

  • The ledgi CLI must be installed. If not, install with:
    curl -fsSL https://raw.githubusercontent.com/LedgiApp/ledgi-cli/main/install.sh | bash
    
  • The LEDGI_API_KEY environment variable must be set, or the user must have run ledgi login --api-key ledgi_sk_...

If a command fails with an auth error, ask the user to set their API key.

Core workflows

Read financial data

ledgi accounts list                    # All accounts
ledgi accounts list --type isa_stocks  # Filter by type
ledgi holdings list                    # All investment holdings
ledgi holdings list --account-id ID    # Holdings in one account
ledgi networth summary                 # Net worth breakdown
ledgi snapshots list                   # Historical snapshots
ledgi isa summary                      # ISA allowance and usage

All commands return JSON by default. Use --output table for human-readable output when displaying to the user.

Create or update accounts

For a single account:

ledgi accounts upsert --name "Monzo Current" --type current --balance 2500 --currency GBP --institution Monzo

For multiple accounts, write a JSON file then bulk-upsert:

ledgi accounts bulk-upsert --file /tmp/accounts.json

See schemas.md for JSON file formats.

Create or update holdings

Write a JSON file then bulk-upsert:

ledgi holdings bulk-upsert --file /tmp/holdings.json

Take a net worth snapshot

ledgi snapshots create
ledgi snapshots create --date 2026-01-31

Log an ISA deposit

ledgi isa deposit --account-id ACCOUNT_ID --amount 5000 --date 2026-02-24

Valid account types

Use these exact values for the --type flag:

  • Cash: cash, current, savings, premium_bonds
  • ISA: isa_cash, isa_stocks, isa_lifetime, isa_innovative
  • Pension: pension, pension_workplace, pension_sipp, pension_state
  • Investment: investment, crypto_wallet
  • Property: property
  • Debt: credit_card, loan, mortgage, student_loan
  • Other: other_asset, other_liability

Error handling

  • 401 Unauthorized: API key is missing or invalid. Ask the user to check their key.
  • 403 Forbidden: The API key doesn't have the required scope. Tell the user which scope is needed.
  • 404 Not Found: The referenced resource doesn't exist.
  • 422 Validation Error: Invalid input. Check the account type or required fields.

Important notes

  • Always use --output table when showing results to the user for readability.
  • When creating accounts, include --external-id for idempotency so re-running won't create duplicates.
  • Monetary values are in the account's currency (default GBP).
  • The --date flag uses YYYY-MM-DD format.

For full command reference, see commands.md. For JSON file schemas, see schemas.md.

Security recommendations
Before installing or enabling this skill: (1) Ask the publisher for a homepage or official repository to verify the ledgi-cli project and inspect the install script. (2) Do not run curl | bash from an unknown source — prefer an official release, package, or repository you inspected. (3) Expect the skill to need your LEDGI_API_KEY (a secret); only provide it if you trust the service and understand the API scopes. (4) Confirm the CLI and API endpoints are legitimate and that you control the API key (do not paste keys into third-party UIs). (5) Ask the skill author to correct the registry metadata to declare required env vars and to provide a safe, auditable install mechanism; the current mismatches are the main reason for concern.
Functional analysis
Type: OpenClaw Skill
Name: ledgi
Version: 1.0.0

The skill documentation in SKILL.md contains a high-risk 'curl | bash' installation pattern for the ledgi CLI (pointing to raw.githubusercontent.com/LedgiApp/ledgi-cli/main/install.sh). While this is a common distribution method for CLI tools, it facilitates remote code execution (RCE) and is a significant security risk if the agent executes it automatically. The skill is designed to manage sensitive financial data and API keys, but its logic appears aligned with its stated purpose without clear evidence of intentional malice.
Capability assessment
Purpose & Capability
The skill's functions (listing accounts, holdings, snapshots, upserts) align with a personal-finance CLI. However, the registry metadata declares no required environment variables or primary credential while the SKILL.md explicitly requires LEDGI_API_KEY / ledgi login. That mismatch between declared requirements and actual runtime needs is incoherent.
Instruction Scope
SKILL.md stays focused on Ledgi CLI commands and JSON file formats, which is appropriate. But it also instructs installing the CLI via a curl | bash pipeline from a raw GitHub URL. The allowed-tools list only permits Bash(ledgi *) and Bash(echo *), so the install instruction references tools/actions (downloading and executing a remote script) that are outside the skill's declared runtime allowances — an inconsistency and security risk.
Install Mechanism
There is no formal install spec in the registry, yet SKILL.md tells users to run 'curl -fsSL https://raw.githubusercontent.com/.../install.sh | bash' (download-and-execute). Piping an install script from a raw URL into a shell is high risk unless the source is trusted and verified; the skill should instead declare a vetted install method or include a package reference. The absence of an install spec plus an explicit remote install command is disproportionate.
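A download-to-disk, verify, then execute flow that avoids the pipe-to-shell pattern criticised above. This is an added example, not code from the skill or the ledgi-cli project; `EXPECTED_SHA256` is a placeholder because the page publishes no checksum, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: replaces `curl ... | bash` with fetch, verify, run.
# EXPECTED_SHA256 is a placeholder; pin it only after reading the script.

# Print the SHA-256 of a file using whichever tool is available.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 only if the file's digest equals the pinned value.
# Returns 1 on mismatch, 2 if the file cannot be read.
verify_installer() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
}

# Download to disk (never into a pipe), verify, then run the verified copy.
install_verified() {
    local url="$1" expected="$2" tmp rc
    tmp=$(mktemp) || return 2
    if curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url" \
        && verify_installer "$tmp" "$expected"; then
        bash "$tmp"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage, once the script has been reviewed and its digest pinned:
#   install_verified \
#     "https://raw.githubusercontent.com/LedgiApp/ledgi-cli/main/install.sh" \
#     "$EXPECTED_SHA256"
```

Because the URL tracks the `main` branch, any later change to `install.sh` makes the pinned digest fail, which forces a fresh review before the new version runs.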
Credentials
The skill requires an API key (LEDGI_API_KEY or passing --api-key) per SKILL.md, but the registry lists no required env vars or primary credential. Requiring secret credentials for the user's personal finance data is expected for this purpose, but failing to declare them in metadata is an incoherence and a practical risk (users may not realize what secrets will be needed or transmitted).
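A pre-install lint a reviewer could run over a skill's SKILL.md to surface the two findings above: a pipe-to-shell install line and a secret-bearing environment variable that the registry metadata does not declare. This is an added example, not part of the skill or the marketplace scanner; the function names and the suffix list used to spot secret variables are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pre-install lint for a skill's SKILL.md.
# The secret-name suffixes (_API_KEY, _TOKEN, _SECRET) are an assumption.

# Print, with line numbers, every line that pipes a download into a shell.
find_pipe_to_shell() {
    grep -nE '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba|z)?sh([[:space:]]|$)' "$1"
}

# Print secret-looking env var names used in the doc ($1) that are absent
# from the declared list (remaining arguments, e.g. from registry metadata).
undeclared_secrets() {
    local doc="$1" name d found
    shift
    for name in $(grep -oE '[A-Z][A-Z0-9_]*_(API_KEY|TOKEN|SECRET)' "$doc" | sort -u); do
        found=0
        for d in "$@"; do
            if [ "$d" = "$name" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then echo "$name"; fi
    done
}

# Combined verdict: returns 1 if either check reports a finding.
audit_skill_doc() {
    local doc="$1" rc=0
    shift
    if find_pipe_to_shell "$doc" >/dev/null; then rc=1; fi
    if [ -n "$(undeclared_secrets "$doc" "$@")" ]; then rc=1; fi
    return "$rc"
}

# Constructed sample: an excerpt of the SKILL.md text shown on this page.
sample_skill_doc() {
    cat <<'EOF'
  • The ledgi CLI must be installed. If not, install with:
    curl -fsSL https://raw.githubusercontent.com/LedgiApp/ledgi-cli/main/install.sh | bash
  • The LEDGI_API_KEY environment variable must be set
EOF
}
```

Run against the sample with an empty declared list, the lint reports line 2 as a pipe-to-shell install and `LEDGI_API_KEY` as undeclared, matching the mismatch the assessment describes.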
Persistence & Privilege
The skill does not request persistent or elevated platform privileges: always is false, it is user-invocable, and there is no install spec that writes to system-wide locations. Autonomous invocation is allowed (default) but not by itself a new concern here.
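How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install ledgi
  3. Once installed, invoke the Skill by name or trigger it with /ledgi
  4. Supply the inputs described in the Skill's parameter documentation to get structured output
Version history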
v1.0.0
- Initial release of the ledgi skill for interacting with personal finance data via the ledgi CLI.
- Supports listing, creating, and updating accounts, holdings, snapshots, and ISA deposits.
- Provides summaries for accounts, holdings, net worth, ISA usage, and historical snapshots.
- Includes error handling for authorization issues and invalid input.
- Detailed instructions for bulk operations and required account types.
Metadata
Slug ledgi
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
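FAQ

What is Ledgi?

Interact with the user's Ledgi personal finance data. Use when the user asks about their accounts, balances, net worth, holdings, investments, ISA allowances... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 232 total downloads to date.

How do I install Ledgi?

Run the command "/install ledgi" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Ledgi free?

Yes. Ledgi is completely free under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Ledgi support?

Ledgi is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who develops Ledgi?

Developed and maintained by nelsongallardo (@nelsongallardo); the current version is v1.0.0.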
