Emissor de Nota Fiscal Paulistana

Audited by ClawScan on May 10, 2026.

Overview

The skill matches its invoice-automation purpose, but it can perform real tax actions with a municipal certificate, automatically email invoice links, and persist sensitive tax data without clear safeguards.

Review this skill carefully before installing. It appears built for real São Paulo NFS-e workflows, but only use it if you are comfortable giving it access to your digital certificate and allowing it to create/cancel official invoices. Require explicit approval for every production action, avoid relying on .env as secure storage, verify any email recipient before sending invoice links, and periodically delete or protect generated debug/report files.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing and configuring this skill gives the agent the ability to authenticate as the taxpayer to issue, cancel, and query official invoices.

Why it was flagged

The skill expects a municipal digital certificate and password, which authorize real taxpayer actions. This is purpose-aligned, but the registry metadata declares no primary credential or required env vars.

Skill content
`Certificados.p12` - Municipal cryptographic key (NEVER EXPOSE). `.env` ... `NFSE_CERT_PASSWORD=senha`.
Recommendation

Use it only in a trusted workspace, protect the certificate and .env file, verify each production action, and prefer explicit credential declarations and file-permission guidance.

What this means

A mistaken approval or misread request could create a real invoice in the São Paulo municipal system.

Why it was flagged

The skill instructs the agent to run local scripts that perform production invoice actions. The flow includes user approval, so this is purpose-aligned, but the authority is high-impact.

Skill content
Execute: `python emitir_nfse.py --modo producao --dados /tmp/dados_rps_X.json --json-out`
Recommendation

Review the draft carefully before approval, and require explicit confirmation for amount, recipient, service code, and production mode.

What this means

Invoice links and related business data could be sent through another agent or email account without a clear confirmation checkpoint.

Why it was flagged

After issuing an invoice, the skill mandates invoking another email skill to send the official PDF link, but it does not clearly define the recipient identity, permissions, approval step, or data boundary.

Skill content
Mandatory Autonomous Action: ... invoke your GOG Skill ... sending this PDF link to your own e-mail.
Recommendation

Make email sending optional, require the user to confirm the recipient and message, and declare the email-skill dependency and permissions.
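The two confirmation checkpoints recommended above (explicit approval of amount, recipient, service code and production mode before running the script, and a verified recipient before any invoice link is e-mailed) can be enforced with a small gate in front of the agent. The following is an added example written for this review, not code from the skill; the draft field names (`valor_servicos`, `tomador_documento`, `codigo_servico`, `modo`) and the allowlist are assumptions, since the page does not show the draft JSON schema.

```python
"""Explicit-approval gate for production NFS-e actions and invoice e-mails.

Added example for this review, not part of the skill. The draft keys below are
assumptions about the /tmp/dados_rps_X.json layout, which the page does not show.
"""
from __future__ import annotations

import re

# High-impact fields that must be spelled out in the approval phrase (assumed names).
REQUIRED = ("valor_servicos", "tomador_documento", "codigo_servico", "modo")
VALID_MODES = ("homologacao", "producao")


def _only_digits(s: str) -> str:
    return re.sub(r"\D", "", s)


def confirmation_phrase(draft: dict) -> str:
    """Build the exact phrase the user must type to approve the action.

    Every high-impact field appears in the phrase, so a misread request or a
    bare "yes" cannot approve a draft the user never actually looked at.
    """
    missing = [k for k in REQUIRED if k not in draft]
    if missing:
        raise ValueError(f"draft is missing fields: {missing}")
    mode = str(draft["modo"]).lower()
    if mode not in VALID_MODES:
        raise ValueError(f"unknown mode: {mode!r}")
    valor = f"{float(draft['valor_servicos']):.2f}"
    doc = _only_digits(str(draft["tomador_documento"]))
    return (
        f"EMITIR {valor} PARA {doc} SERVICO {draft['codigo_servico']} "
        f"MODO {mode.upper()}"
    ).upper()


def is_approved(draft: dict, typed: str) -> bool:
    """True only if the user typed the whole phrase (case and spacing normalised)."""
    return " ".join(typed.split()).upper() == confirmation_phrase(draft)


def email_allowed(recipient: str, allowlist: set[str]) -> bool:
    """Invoice links go only to pre-approved addresses, compared case-insensitively."""
    return recipient.strip().lower() in {a.strip().lower() for a in allowlist}


if __name__ == "__main__":
    # Constructed sample draft; the CNPJ and address are not real.
    draft = {
        "valor_servicos": 1500,
        "tomador_documento": "12.345.678/0001-90",
        "codigo_servico": "01234",
        "modo": "producao",
    }
    print("Type to approve:", confirmation_phrase(draft))
    print("approved:", is_approved(draft, "sim"))  # a bare "yes" is rejected
    print("email ok:", email_allowed("contador@exemplo.com.br", {"contador@exemplo.com.br"}))
```

The phrase includes the mode, so a draft prepared for `homologacao` cannot be approved with a phrase generated for `producao`, and vice versa; the agent should print the phrase and run `emitir_nfse.py` only after `is_approved` returns true.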

What this means

A user may store a high-value certificate password in plaintext while believing it is strongly protected.

Why it was flagged

The README describes a hidden plaintext .env file as secure/secret for a certificate password, which can cause non-technical users to overtrust the protection provided by a dotfile.

Skill content
your password will live in a "secret" and secure file called **`.env`**
Recommendation

State clearly that .env is plaintext, recommend restrictive file permissions or a secret manager, and avoid implying that hidden files are secure.
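A dotfile is hidden, not protected: any process running as the same user, and on a loosely permissioned directory any other user, can read it. A script that loads `NFSE_CERT_PASSWORD` can at least refuse to run unless `.env` and `Certificados.p12` are owner-only regular files. The following is an added example for this review, not the skill's code; the file names come from the README quoted above, the `demo()` fixture is constructed, and the check assumes a POSIX file system.

```python
"""Refuse to use .env or the .p12 certificate unless they are owner-only.

Added example for this review, not part of the skill. Assumes POSIX permission
bits; the file names follow the README quoted above.
"""
from __future__ import annotations

import os
import stat
import tempfile
from pathlib import Path


def secret_file_problems(path: str) -> list[str]:
    """Return the reasons a file is unsafe to use as a secret; empty list means OK."""
    p = Path(path)
    problems: list[str] = []
    if p.is_symlink():
        problems.append("is a symlink")  # could point anywhere, including outside the workspace
    if not p.exists():
        return problems + ["does not exist"]
    st = p.stat()
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"group/other can access it (mode {mode:04o}, want 0600)")
    if hasattr(os, "geteuid") and st.st_uid != os.geteuid():
        problems.append("owned by another user")
    return problems


def load_cert_password(env_path: str = ".env", key: str = "NFSE_CERT_PASSWORD") -> str:
    """Read KEY=value from the plaintext .env only after the permission check passes."""
    problems = secret_file_problems(env_path)
    if problems:
        raise PermissionError(f"{env_path}: " + "; ".join(problems))
    with open(env_path, encoding="utf-8") as f:
        for line in f:
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            k, _, v = line.partition("=")
            if k.strip() == key:
                return v.strip().strip("'\"")
    raise KeyError(f"{key} not set in {env_path}")


def demo() -> dict:
    """Constructed fixture: a temporary .env checked with a loose and a tight mode."""
    d = tempfile.mkdtemp()
    env = os.path.join(d, ".env")
    with open(env, "w", encoding="utf-8") as f:
        f.write("# constructed sample, not a real password\nNFSE_CERT_PASSWORD='s3cret'\n")
    os.chmod(env, 0o644)
    loose = secret_file_problems(env)   # world-readable: rejected
    os.chmod(env, 0o600)
    tight = secret_file_problems(env)   # owner-only: accepted
    missing = secret_file_problems(os.path.join(d, "Certificados.p12"))
    return {"path": env, "loose": loose, "tight": tight, "missing": missing}


if __name__ == "__main__":
    r = demo()
    print("0644 ->", r["loose"])
    print("0600 ->", r["tight"] or "ok")
    print("password loaded:", load_cert_password(r["path"]) == "s3cret")
```

Run the same check against `Certificados.p12` before handing it to the signing code; a secret manager or OS keychain is still the better home for the password, but this check at least stops the "hidden equals safe" assumption from going unnoticed.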

What this means

Sensitive accounting data can remain in local files after the task and may be reused, synced, or read later unintentionally.

Why it was flagged

The cancellation script writes the raw municipal API response to a persistent debug XML file. Such responses may contain invoice, taxpayer, or client data, and the SKILL does not disclose retention or cleanup.

Skill content
with open('debug_cancelamento.xml', 'w', encoding='utf-8') as f:
    f.write(response.text)
Recommendation

Disable debug logs by default, redact sensitive fields, store outputs only when requested, and document cleanup/retention behavior.

What this means

A failed or partial issuance could still advance the local invoice counter, causing future invoices to use the wrong sequence and creating accounting confusion.

Why it was flagged

The instructions tell the agent to increment the RPS sequence immediately after the script finishes, without clearly conditioning that update on a verified successful issuance.

Skill content
Execute: `python emitir_nfse.py ...`; Immediately increment `contador_rps.txt` (+1).
Recommendation

Increment the counter only after confirmed success, use a transaction/audit log, and provide a rollback or reconciliation process.
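The two recommendations about what happens after the script returns (the redacted, opt-in debug dump above, and the counter that must only advance on a confirmed issuance) fit naturally in one post-response step. The following is an added example for this review, not the skill's code: the shape of the `--json-out` result (keys `sucesso` and `numero_nfse`), the `NFSE_DEBUG` switch, the audit-log file name and the redaction patterns are all assumptions, since the page only shows the command line and the `debug_cancelamento.xml` write.

```python
"""Post-issuance bookkeeping: advance the RPS counter only on verified success,
keep an audit trail, and write debug output only when asked for and only redacted.

Added example for this review, not the skill's code. The JSON result keys,
the NFSE_DEBUG switch and the redaction patterns are assumptions.
"""
from __future__ import annotations

import json
import os
import re
import tempfile
from datetime import datetime, timezone

# Constructed patterns: Brazilian CNPJ/CPF with or without punctuation, and e-mails.
_REDACT = [
    (re.compile(r"\b\d{2}\.?\d{3}\.?\d{3}/?\d{4}-?\d{2}\b"), "[CNPJ]"),
    (re.compile(r"\b\d{3}\.?\d{3}\.?\d{3}-?\d{2}\b"), "[CPF]"),
    (re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "[EMAIL]"),
]


def issuance_succeeded(json_out: str) -> tuple[bool, str | None]:
    """Only a parseable result with sucesso=true and an NFS-e number counts as success."""
    try:
        r = json.loads(json_out)
    except json.JSONDecodeError:
        return False, None
    num = r.get("numero_nfse")
    return bool(r.get("sucesso")) and bool(num), (str(num) if num else None)


def read_counter(path: str) -> int:
    with open(path, encoding="utf-8") as f:
        return int(f.read().strip() or 0)


def _atomic_write(path: str, text: str) -> None:
    """Temp file + rename, so a crash never leaves a half-written counter behind."""
    d = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=d)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write(text)
    os.replace(tmp, path)


def commit_rps(counter_path: str, audit_path: str, rps_used: int, json_out: str) -> bool:
    """Set contador_rps.txt to rps_used + 1 only if the issuance is confirmed.

    Every attempt, successful or not, is appended to the audit log, so a failed
    RPS number can be reconciled later instead of being silently reused or skipped.
    """
    ok, nfse = issuance_succeeded(json_out)
    entry = {"ts": datetime.now(timezone.utc).isoformat(), "rps": rps_used, "ok": ok, "nfse": nfse}
    with open(audit_path, "a", encoding="utf-8") as f:
        f.write(json.dumps(entry) + "\n")
    if ok and read_counter(counter_path) <= rps_used:  # never move the counter backwards
        _atomic_write(counter_path, f"{rps_used + 1}\n")
    return ok


def redact(text: str) -> str:
    for pat, label in _REDACT:
        text = pat.sub(label, text)
    return text


def save_debug(response_text: str, path: str, enabled: bool | None = None) -> bool:
    """Opt-in debug dump: off unless NFSE_DEBUG=1, redacted and owner-only when written."""
    if enabled is None:
        enabled = os.environ.get("NFSE_DEBUG") == "1"
    if not enabled:
        return False
    _atomic_write(path, redact(response_text))
    os.chmod(path, 0o600)
    return True


def demo() -> dict:
    """Constructed run: a failed attempt, then a success, then a debug dump."""
    d = tempfile.mkdtemp()
    counter = os.path.join(d, "contador_rps.txt")
    audit = os.path.join(d, "auditoria_rps.jsonl")
    dbg = os.path.join(d, "debug_cancelamento.xml")
    _atomic_write(counter, "41\n")
    failed = commit_rps(counter, audit, 41, '{"sucesso": false, "erro": "E123"}')
    after_fail = read_counter(counter)  # still 41: the number was not consumed
    succeeded = commit_rps(counter, audit, 41, '{"sucesso": true, "numero_nfse": "2026001"}')
    after_ok = read_counter(counter)    # now 42
    xml = "<Tomador><Cnpj>12.345.678/0001-90</Cnpj><Email>cliente@exemplo.com</Email></Tomador>"
    skipped = save_debug(xml, dbg, enabled=False)
    written = save_debug(xml, dbg, enabled=True)
    with open(dbg, encoding="utf-8") as f:
        dumped = f.read()
    with open(audit, encoding="utf-8") as f:
        audit_entries = len(f.read().splitlines())
    return {"failed": failed, "after_fail": after_fail, "succeeded": succeeded,
            "after_ok": after_ok, "skipped": skipped, "written": written,
            "dumped": dumped, "audit_entries": audit_entries}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The audit log is the reconciliation tool the recommendation asks for: a line with `"ok": false` tells the accountant which RPS number was attempted and never issued, and the municipal query script can be used to confirm whether the prefeitura saw it before the number is reused.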

What this means

The skill may fail to run or require manual dependency and credential setup not visible in registry requirements.

Why it was flagged

The package includes Python code with external dependencies and setup expectations, but no install spec or dependency/credential declarations. This is an under-declared setup issue rather than evidence of malicious behavior.

Skill content
No install spec — this is an instruction-only skill.
Recommendation

Add an install spec, declare Python/package requirements, declare NFSE_CERT_PASSWORD and the certificate file expectation, and include or document env.example.