Invoice Generator

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: ai-invoice-generator
Version: 1.0.0

The skill is classified as suspicious due to explicit instructions in `SKILL.md` for the AI agent to perform file system operations, specifically to 'Save invoices to an `invoices/` directory' and 'List all invoices in the invoices/ directory'. While these capabilities are necessary for the skill's stated purpose (invoice generation and management), they represent a risky capability (file system read/write access) that could be exploited if the OpenClaw agent's execution environment lacks robust sandboxing or path sanitization, potentially leading to path traversal or unauthorized file access vulnerabilities. There is no evidence of malicious intent, data exfiltration, or direct prompt injection for harmful objectives.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may create or update local invoice files containing business, client, and payment information.

Why it was flagged

The skill directs the agent to create invoice files locally. This is purpose-aligned for an invoice generator and scoped to an invoices directory, but users should be aware of local file creation.

Skill content

Save invoices to an `invoices/` directory for record-keeping

Recommendation

Keep the invoices directory in a location you control, review generated files before sending them, and avoid overwriting or storing sensitive payment details unless needed.

What this means

Stored or reused invoice details could include client names, addresses, payment methods, invoice amounts, and business contact information.

Why it was flagged

The skill asks to retain reusable business information and later reuse prior details, which is useful for recurring invoices but creates persistent context containing business data.

Skill content

Your business info: Name, address, email, phone (save for reuse)

Recommendation

Confirm what information is being reused, update stale details before generating new invoices, and avoid including sensitive banking information unless you are comfortable storing it with the invoices.