Invoice Generator
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: afrexai-invoice-gen Version: 1.1.0 The skill is classified as suspicious due to its explicit instructions in `SKILL.md` for file system read and write operations, including saving invoices to an `invoices/` directory, checking for existing invoices, and listing all invoices. While these capabilities are necessary for the skill's stated purpose, they represent a significant level of access that could be exploited if the agent's environment is not properly sandboxed or if future versions introduce vulnerabilities like path traversal. Additionally, `SKILL.md` contains `clawhub install` commands, which, although likely intended for the user, could be misinterpreted by a less robust AI agent as commands to execute, potentially leading to unintended software installations.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your business details, client information, invoice history, and possibly payment instructions may be saved and reused later.
The skill intentionally stores and later reuses business and invoice context. This is aligned with invoice management, but it means sensitive business/client/payment information may persist across tasks.
**Your business info:** Name, address, email, phone (save for reuse) ... Save invoices to an `invoices/` directory for record-keeping ... Track invoice history per client
Use a dedicated invoices folder, avoid storing unnecessary sensitive payment details, and periodically review or delete old invoice records if they are no longer needed.