ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Invoice Generator

v1.1.0

Creates professional invoices in markdown and HTML

1· 658·0 current·0 all-time
by@1kalin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (generate invoices in Markdown/HTML) matches the SKILL.md: templates, formatting rules, math checks, and save/list behaviors are all coherent with an invoice generator. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
Instructions explicitly tell the agent to save invoices to an invoices/ directory, check existing invoices, reuse business details, generate HTML/Markdown, and compute totals/dates. These are expected for this skill, but they imply the agent will read/write files and persist personal/business data locally. The SKILL.md does not instruct any unexpected file reads, environment-variable access, or network exfiltration.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes install-time risk because nothing is downloaded or executed from external URLs.
Credentials
The skill requests no environment variables, credentials, or config paths. That is appropriate for a local invoice generator and proportional to its functionality.
Persistence & Privilege
The skill asks the agent to persist invoices and business contact details locally (invoices/ directory) and to reuse saved info. This is normal for bookkeeping but does mean financial and PII will be stored on disk; review where the agent runs and where files are written. always:false and normal autonomous invocation are set (no elevated platform privileges).
Assessment
This skill appears to do what it says: generate invoices and keep a local invoice history. Before installing, consider: (1) it will save invoices and business/client details to an invoices/ folder — avoid storing full bank account numbers or sensitive payment credentials in plain files; (2) confirm where the agent’s working directory is and whether those files are backed up or encrypted; (3) if you connect this agent to other skills (CRM, email-sender), review those integrations before sharing invoices; and (4) always review generated invoices before sending to clients. If you want stronger protection, run the skill in a restricted workspace or add file-encryption/secure storage for invoice data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cawf0t37fjk0q7dk03zrtvh813w1k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments