zoho-books

Integrates with Zoho Books API for managing invoices, contacts, and expenses using OAuth authentication.

Install this skill

62/100

Security score

The zoho-books skill was audited on Feb 12, 2026 and we found 34 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 606

Template literal with variable interpolation in command context

SourceSKILL.md

606	'Authorization': `Bearer ${process.env.MATON_API_KEY}`

low line 602

Fetch to external URL

SourceSKILL.md

602	const response = await fetch(

low line 606

Access to .env file

SourceSKILL.md

606	'Authorization': `Bearer ${process.env.MATON_API_KEY}`

low line 6

External URL reference

SourceSKILL.md

6	For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).

low line 28

External URL reference

SourceSKILL.md

28	req = urllib.request.Request('https://gateway.maton.ai/zoho-books/books/v3/contacts')

low line 37

External URL reference

SourceSKILL.md

37	https://gateway.maton.ai/zoho-books/books/v3/{endpoint}

low line 58

External URL reference

SourceSKILL.md

58	1. Sign in or create an account at [maton.ai](https://maton.ai)

low line 59

External URL reference

SourceSKILL.md

59	2. Go to [maton.ai/settings](https://maton.ai/settings)

low line 64

External URL reference

SourceSKILL.md

64	Manage your Zoho Books OAuth connections at `https://ctrl.maton.ai`.

low line 71

External URL reference

SourceSKILL.md

71	req = urllib.request.Request('https://ctrl.maton.ai/connections?app=zoho-books&status=ACTIVE')

low line 83

External URL reference

SourceSKILL.md

83	req = urllib.request.Request('https://ctrl.maton.ai/connections', data=data, method='POST')

low line 95

External URL reference

SourceSKILL.md

95	req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}')

low line 109

External URL reference

SourceSKILL.md

109	"url": "https://connect.maton.ai/?session_token=...",

low line 123

External URL reference

SourceSKILL.md

123	req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}', method='DELETE')

low line 136

External URL reference

SourceSKILL.md

136	req = urllib.request.Request('https://gateway.maton.ai/zoho-books/books/v3/contacts')

low line 176

External URL reference

SourceSKILL.md

176	req = urllib.request.Request('https://gateway.maton.ai/zoho-books/books/v3/contacts')

low line 209

External URL reference

SourceSKILL.md

209	req = urllib.request.Request('https://gateway.maton.ai/zoho-books/books/v3/contacts/8527119000000099001')

low line 250

External URL reference

SourceSKILL.md

250	req = urllib.request.Request('https://gateway.maton.ai/zoho-books/books/v3/contacts', data=data, method='POST')

low line 293

External URL reference

SourceSKILL.md

293	req = urllib.request.Request('https://gateway.maton.ai/zoho-books/books/v3/contacts/8527119000000099001', data=data, method='PUT')

low line 311

External URL reference

SourceSKILL.md

311	req = urllib.request.Request('https://gateway.maton.ai/zoho-books/books/v3/contacts/8527119000000099001', method='DELETE')

low line 338

External URL reference

SourceSKILL.md

338	req = urllib.request.Request('https://gateway.maton.ai/zoho-books/books/v3/invoices')

low line 417

External URL reference

SourceSKILL.md

417	req = urllib.request.Request('https://gateway.maton.ai/zoho-books/books/v3/bills')

low line 473

External URL reference

SourceSKILL.md

473	req = urllib.request.Request('https://gateway.maton.ai/zoho-books/books/v3/expenses')

low line 603

External URL reference

SourceSKILL.md

603	'https://gateway.maton.ai/zoho-books/books/v3/contacts',

low line 620

External URL reference

SourceSKILL.md

620	'https://gateway.maton.ai/zoho-books/books/v3/contacts',

low line 671

External URL reference

SourceSKILL.md

671	req = urllib.request.Request('https://ctrl.maton.ai/connections')

low line 681

External URL reference

SourceSKILL.md

681	- Correct: `https://gateway.maton.ai/zoho-books/books/v3/contacts`

low line 682

External URL reference

SourceSKILL.md

682	- Incorrect: `https://gateway.maton.ai/books/v3/contacts`

low line 686

External URL reference

SourceSKILL.md

686	- [Zoho Books API v3 Introduction](https://www.zoho.com/books/api/v3/introduction/)

low line 687

External URL reference

SourceSKILL.md

687	- [Zoho Books Invoices API](https://www.zoho.com/books/api/v3/invoices/)

low line 688

External URL reference

SourceSKILL.md

688	- [Zoho Books Contacts API](https://www.zoho.com/books/api/v3/contacts/)

low line 689

External URL reference

SourceSKILL.md

689	- [Zoho Books Bills API](https://www.zoho.com/books/api/v3/bills/)

low line 690

External URL reference

SourceSKILL.md

690	- [Zoho Books Expenses API](https://www.zoho.com/books/api/v3/expenses/)

low line 691

External URL reference

SourceSKILL.md

691	- [Maton Community](https://discord.com/invite/dBfFAcefs2)

Scanned on Feb 12, 2026

View Security Dashboard

Install this skill with one command

/learn @openclaw/zoho-books

GitHub Stars 2.2K

Rate this skill

Categoryfinance accounting

UpdatedMarch 29, 2026

openclaw api accountant financial-analyst cfo-fpa ap-ar-specialist tax-specialist finance accounting

openclaw/skills