ClawHub

Invoice Agent

v1.0.1

Professional invoice and payment management skill. Create, track, and manage invoices with natural language. Supports multi-currency, tax calculations, payme...

0· 52·0 current·0 all-time
by@atum246
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (invoice creation, reminders, HTML generation, local storage) match the included scripts and SKILL.md. The scripts read/write only under ~/.invoice-agent and implement the advertised features (create/list/update/export/reminders/HTML generation). No unrelated services, binaries, or credentials are requested.
Instruction Scope
Runtime instructions tell the agent to run the included CLI scripts and to use SKILL_DIR; they operate only on local files under ~/.invoice-agent. One implementation note: the HTML generation inserts invoice fields into the template without escaping, so if invoice fields contain HTML/script content it could produce an HTML injection/XSS when opened in a browser. The reminders script generates email text but does not send emails or contact external endpoints.
Install Mechanism
No install spec is provided (instruction-only skill). All source files are included in the bundle; there are no downloads, package installs, or external install URLs to evaluate.
Credentials
No environment variables, API keys, or external credentials are required. The requested filesystem access (creating ~/.invoice-agent and writing JSON/invoice files) is proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. It does not modify other skills or system-wide agent settings and only writes to its own data directory.
Assessment
This package appears to be a self-contained, local invoice CLI. Before installing: (1) review and back up any existing ~/.invoice-agent data since the scripts will create/write there; (2) note that the HTML generator directly injects invoice fields into the template without escaping — avoid including untrusted HTML in invoice fields or sanitize/escape fields before opening generated HTML in a browser; (3) reminders.py only formats messages and prints them — it does not send emails (so no hidden exfiltration), but if you modify it to send messages, inspect any added network code carefully; (4) the skill is proprietary and has no homepage/author details in metadata — if provenance matters to you, ask the publisher for source/audit info or run it in a restricted environment first.

Like a lobster shell, security has layers — review code before you run it.

agencyvk977cq564zt7bt6t4r06sn8bwn84s9debillingvk977cq564zt7bt6t4r06sn8bwn84s9debusinessvk977cq564zt7bt6t4r06sn8bwn84s9definancevk977cq564zt7bt6t4r06sn8bwn84s9defreelancervk977cq564zt7bt6t4r06sn8bwn84s9deinvoicesvk977cq564zt7bt6t4r06sn8bwn84s9delatestvk977cq564zt7bt6t4r06sn8bwn84s9depaymentsvk977cq564zt7bt6t4r06sn8bwn84s9de

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments