xero

Integrates with Xero API for managing accounting data, including contacts, invoices, and financial reports using OAuth authentication.

75/100

Security score

The xero skill was audited on Feb 11, 2026 and we found 21 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 266

Template literal with variable interpolation in command context

Source: SKILL.md
266: 'Authorization': `Bearer ${process.env.MATON_API_KEY}`

low line 262

Fetch to external URL

Source: SKILL.md
262: const response = await fetch(

low line 266

Access to .env file

Source: SKILL.md
266: 'Authorization': `Bearer ${process.env.MATON_API_KEY}`

low line 4

External URL reference

Source: SKILL.md
4: Xero API integration with managed OAuth. Manage contacts, invoices, payments, accounts, and run financial reports. Use this skill when users want to interact with Xero accounting data. For other third

low line 26

External URL reference

Source: SKILL.md
26: req = urllib.request.Request('https://gateway.maton.ai/xero/api.xro/2.0/Contacts')

low line 35

External URL reference

Source: SKILL.md
35: https://gateway.maton.ai/xero/{native-api-path}

low line 56

External URL reference

Source: SKILL.md
56: 1. Sign in or create an account at [maton.ai](https://maton.ai)

low line 57

External URL reference

Source: SKILL.md
57: 2. Go to [maton.ai/settings](https://maton.ai/settings)

low line 62

External URL reference

Source: SKILL.md
62: Manage your Xero OAuth connections at `https://ctrl.maton.ai`.

low line 69

External URL reference

Source: SKILL.md
69: req = urllib.request.Request('https://ctrl.maton.ai/connections?app=xero&status=ACTIVE')

low line 81

External URL reference

Source: SKILL.md
81: req = urllib.request.Request('https://ctrl.maton.ai/connections', data=data, method='POST')

low line 93

External URL reference

Source: SKILL.md
93: req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}')

low line 107

External URL reference

Source: SKILL.md
107: "url": "https://connect.maton.ai/?session_token=...",

low line 121

External URL reference

Source: SKILL.md
121: req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}', method='DELETE')

low line 134

External URL reference

Source: SKILL.md
134: req = urllib.request.Request('https://gateway.maton.ai/xero/api.xro/2.0/Contacts')

low line 263

External URL reference

Source: SKILL.md
263: 'https://gateway.maton.ai/xero/api.xro/2.0/Contacts',

low line 279

External URL reference

Source: SKILL.md
279: 'https://gateway.maton.ai/xero/api.xro/2.0/Contacts',

low line 315

External URL reference

Source: SKILL.md
315: req = urllib.request.Request('https://ctrl.maton.ai/connections')

low line 325

External URL reference

Source: SKILL.md
325: - Correct: `https://gateway.maton.ai/xero/api.xro/2.0/Contacts`

low line 326

External URL reference

Source: SKILL.md
326: - Incorrect: `https://gateway.maton.ai/api.xro/2.0/Contacts`

low line 336

External URL reference

Source: SKILL.md
336: - [Maton Community](https://discord.com/invite/dBfFAcefs2)

Scanned on Feb 11, 2026