← 返回 Skills 市场
Xero Cli
作者
TeddyEngel
· GitHub ↗
· v1.0.7
· MIT-0
350
总下载
0
收藏
0
当前安装
8
版本数
在 OpenClaw 中安装
/install xero-cli
功能描述
Interact with Xero accounting software - manage invoices, contacts, accounts, payments, and bank transactions
安全使用建议
This skill appears to do what it says: it needs your Xero client ID/secret, will open a browser for OAuth, run a temporary local server on port 5001, and store tokens under the skill's data/tokens.json. Before installing or running: (1) confirm you trust the source (repo: https://github.com/TeddyEngel/XeroCli), (2) be aware that 'npx -y bun' will fetch/execute a runtime package at execution time — consider running in an isolated environment or container if you want extra safety, (3) understand the skill will write tokens to the skill directory (revoke the Xero app or clear tokens if you stop using it), and (4) if you need stricter control, inspect the included source files yourself (they are present) and/or change XERO_REDIRECT_URI to a value you control. If anything is unclear, run the OAuth step manually outside the agent or test in a throwaway workspace first.
功能分析
Type: OpenClaw Skill
Name: xero-cli
Version: 1.0.7
The xero-cli skill bundle is a legitimate tool for interacting with the Xero accounting API. It uses the official 'xero-node' SDK and implements a standard OAuth2 flow with a local callback server (scripts/auth/oauth-server.ts) and local token storage (scripts/auth/token-store.ts). The commands provided in the scripts/commands directory align perfectly with the stated purpose of managing invoices, contacts, and bank transactions, and there is no evidence of data exfiltration, malicious execution, or prompt injection.
能力评估
Purpose & Capability
Name/description match the code and required environment variables. The skill only requests XERO_CLIENT_ID and XERO_CLIENT_SECRET, which are exactly what's needed to authenticate to the Xero API. The included commands operate on invoices, contacts, accounts, payments and bank transactions via the Xero SDK — consistent with the description.
Instruction Scope
The SKILL.md instructs the agent to run the repo's TypeScript CLI via 'npx -y bun ${SKILL_DIR}/scripts/cli.ts'. At runtime the code will: open a browser for OAuth, start a local Express server on port 5001 to receive the callback, call Xero's API endpoints, and read/write a local token file (data/tokens.json). These actions are coherent with performing OAuth and using the Xero API, but they do give the skill the ability to bind a local port, open the browser, and write files under the skill directory. The code also reads optional env vars (XERO_REDIRECT_URI, XERO_SCOPES) beyond the two declared required env vars.
Install Mechanism
There is no formal install spec in registry metadata, but SKILL.md uses 'npx -y bun' to execute the TypeScript scripts. That will fetch and execute a runtime package via npx (npm). This is a common pattern but means the agent will download and run a package at execution time rather than relying on preinstalled, audited binaries. The repository includes full source code, so code will run from the checked-in files.
Credentials
Only XERO_CLIENT_ID and XERO_CLIENT_SECRET are required and are appropriate for a Xero integration. The code also checks optional env vars (XERO_REDIRECT_URI, XERO_SCOPES) which are reasonable for customizing OAuth behavior. No unrelated secrets or platform credentials are requested.
Persistence & Privilege
The skill stores OAuth tokens to a local file (data/tokens.json) inside the skill directory and can refresh tokens. It also starts a temporary HTTP server on port 5001 during authentication. 'always' is false and the skill is user-invocable, so it will not be force-enabled globally. The file writes and port binding are expected for an OAuth client but are persistent effects you should be aware of.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install xero-cli - 安装完成后,直接呼叫该 Skill 的名称或使用
/xero-cli触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.7
- Fixed issue with using old xero scopes
- Clarified the setup instructions for obtaining Xero credentials by noting which OAuth2 scopes should be added on Xero's app configuration page (or that scopes will be requested during OAuth).
- No other changes detected.
v1.0.6
- Documentation formatting updated in SKILL.md for improved readability.
- No code or functionality changes; all commands and examples remain the same.
- Section headers restructured and redundant separators removed for clarity.
v1.0.5
- Added a "Security Notes" section outlining token storage and environment variable usage.
- Clarified where OAuth tokens are saved, emphasizing the need to treat token files as sensitive credentials.
- Explained the use of optional environment variables (`XERO_REDIRECT_URI` and `XERO_SCOPES`).
- Reassured users that all code resides in the `scripts/` directory for easy inspection.
v1.0.4
Major change: Migrated to standalone Bun-based script CLI. All core Xero command scripts are now included locally.
- Added 15 script files for authentication, CLI entrypoint, and all key Xero command groups.
- Now runs via Bun with local scripts instead of an npm package.
- Updated SKILL.md with new run instructions using Bun and local script directory.
- Maintains full coverage of invoices, contacts, accounts, payments, bank transactions, allocations, and authentication commands.
v1.0.3
- Major documentation update: SKILL.md reorganized and streamlined for easier setup, authentication, and command usage.
- Added detailed Xero API credential instructions and OpenClaw environment setup guide.
- Migrated command references and examples to version 1.0.3 in all snippets.
- Included clear guidance for error troubleshooting and agent steps if credentials are missing.
- No functional or CLI changes to code detected; this release focuses on documentation improvements.
v1.0.2
- Added homepage and source links to skill metadata.
- Updated all usage examples to pin the CLI version explicitly (using npx -y [email protected]).
- No changes to CLI commands or functionality.
v1.0.1
- Added explicit npm dependency ("xero-skill-openclaw") to metadata for improved environment setup.
- No user-facing command or functionality changes.
v1.0.0
Initial release of xero-cli – manage key Xero accounting functions from the command line.
- Authenticate with Xero and manage multiple organizations (tenants).
- Create, update, and filter invoices, payments, and bank transactions.
- Manage contacts, accounts, overpayments, prepayments, and allocations.
- All commands run directly via `npx` and output JSON.
- Concise cheat-sheets and example workflows included for common accounting tasks.
元数据
常见问题
Xero Cli 是什么?
Interact with Xero accounting software - manage invoices, contacts, accounts, payments, and bank transactions. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 350 次。
如何安装 Xero Cli?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install xero-cli」即可一键安装,无需额外配置。
Xero Cli 是免费的吗?
是的,Xero Cli 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Xero Cli 支持哪些平台?
Xero Cli 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Xero Cli?
由 TeddyEngel(@teddyengel)开发并维护,当前版本 v1.0.7。
推荐 Skills