Automates invoice intake from Gmail, extracts data via OCR, verifies payment in Stripe, and creates reconciliation-ready accounting entries in Xero.
Security Analysis
Medium confidence
The skill's stated bookkeeping orchestration mostly matches its instructions, but there are unexplained and potentially high-privilege requirements (a single MATON_API_KEY that allegedly covers Gmail/Stripe/Xero and an unexplained python3 dependency) that do not align cleanly with the declared purpose.
The skill's name and runtime instructions match the bookkeeping/orchestration purpose (Gmail → OCR → Stripe → Xero). However, requiring a single MATON_API_KEY 'for Gmail, Stripe, Xero through Maton gateway' is not justified or explained and is unusual for these services (which normally use separate OAuth flows or per-service API keys). Also, python3 is required but the SKILL.md contains no Python steps — this is unexplained.
The SKILL.md limits behavior to email scanning, attachment OCR, payment verification, and Xero writes. It does not instruct the agent to read arbitrary local files or unrelated environment variables, and it includes safety notes (quality gates, manual-review policy). The skill does instruct the agent to install upstream skills via npx, which will cause additional downloads but is within the stated orchestration scope.
This is instruction-only (no install spec), which reduces direct risk. The SKILL.md recommends using 'npx -y clawhub@latest install ...' to install upstream skills; that will cause npx to fetch packages at runtime (moderate risk depending on clawhub's provenance). No direct download URLs or extract steps are present in this skill itself.
Only two env vars are declared, but MATON_API_KEY is described as providing access to Gmail, Stripe, and Xero via a gateway — that is a high-privilege, broad-scope credential that is disproportionate without explanation. DEEPREAD_API_KEY is appropriate for OCR. The skill also declares no primary credential even though MATON_API_KEY appears to be the main secret (inconsistency).
The skill is not marked always:true and does not request modification of other skills' configs. It allows autonomous invocation (disable-model-invocation: false) which is the platform default; there is no indication it would persist beyond normal skill behavior.
Guidance
Before installing or enabling this skill, confirm the following:
- Ask the author to explain 'MATON_API_KEY': what is the Maton gateway, which services does it actually control, what scopes/permissions does the key grant, where is it stored, and why is one key used instead of per-service OAuth? A single gateway key that can access Gmail, Stripe, and Xero is high-impact; prefer per-service OAuth with least privilege.
- Ask why python3 is required when the SKILL.md contains no Python steps; verify whether upstream skills (gmail, deepread-ocr, stripe-api, xero) have specific runtime requirements that justify python3 being mandatory.
- Request that MATON_API_KEY be declared as the primary credential (or clarify why not) and that the skill document the exact scopes and token rotation/lifecycle.
- Audit the upstream skills the meta-skill installs (clawhub install ...). Installing third-party packages via npx will pull remote code; review those package sources and their requested permissions before allowing installation in production accounts.
- Insist on least-privilege: ensure the gateway/API token cannot perform actions beyond read/list/write only what is necessary (e.g., read-only Gmail for intake, restricted create only in a specific Xero org). Consider testing in a sandbox Xero/Stripe/Gmail environment first.
- Require explicit user confirmation and review policy before any automatic posting of financial records (the SKILL.md's policies are good; ensure enforcement and logging exist).

If the author can provide detail on Maton (service homepage, token scope), justify python3, and show that the gateway token does not grant excessive admin power, confidence in this skill would increase. Without that, treat the MATON key as a high-risk item and proceed cautiously.
Latest Release
v1.0.0
autonomous-bookkeeper v1.0.0
- Initial release of the autonomous-bookkeeper meta-skill.
- Orchestrates Gmail, DeepRead OCR, Stripe, and Xero for automated invoice intake, field extraction, payment verification, accounting entry, and traceability.
- Implements quality gates, manual review safeguards, and audit trail preservation before any posting.
- Requires configuration of input policies (currency, vendor rules, matching tolerances, posting policies, attachment handling).
- Provides output summaries for intake, extraction, payment verification, accounting actions, and review queue results.
Published by @h4gen on ClawHub