Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Invoice Generator

v1.0.0

Creates professional invoices in markdown and HTML

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (invoice creation in Markdown/HTML) match the SKILL.md: asks for business/client details, line items, tax, generates markdown/HTML, and tracks invoices. There are no unrelated env vars, binaries, or installs requested.
Instruction Scope
Instructions remain within invoicing scope (generate invoices, calculate totals, save to invoices/ directory, list invoices, reuse business info). They instruct reading/writing an invoices/ directory and persisting business/client details for reuse — expected for this skill but worth noting because it implies storing PII locally.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes supply-chain risk because nothing is downloaded or written by an installer.
Credentials
The skill declares no required environment variables, credentials, or config paths. That is proportionate to its invoice-generation purpose.
Persistence & Privilege
always:false and no special privileges requested. However, the skill expects to save invoices and persist business/client info in an invoices/ directory — this is normal but means data will be written to the agent's filesystem and could persist across sessions.
Assessment
This skill is coherent for generating and storing invoices, but be aware it will write invoice files and saved business/client details to an invoices/ directory in the agent environment (which may include personal or financial information). Before installing or using: confirm where the agent stores files and who can access them, review a few sample generated invoices to ensure formatting and tax/legal fields are correct, ensure invoice numbering won't collide or overwrite existing files, and back up or encrypt any sensitive records if needed. Because the skill is instruction-only and makes no network calls or credential requests, there is low supply-chain risk, but always review outputs before sending invoices to clients.

Like a lobster shell, security has layers — review code before you run it.

business, finance, invoicing, latest
