ClawHub

Shopify Auto Invoicing & Inventory

v1.0.0

Lightweight Shopify order invoicing and inventory operations workflow for detecting new orders, preparing invoice-ready billing data, updating stock tables,...

0· 70·0 current·0 all-time
by@gaelbuenobarthe
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included assets: SKILL.md describes collecting exports and producing invoice-ready data and reports, and the bundle contains three small scripts (invoice_export.py, stock_sync.py, monthly_ops_report.py) and templates. Nothing in the files suggests unrelated capabilities (no cloud APIs, no AWS/GitHub/other credentials).
Instruction Scope
The SKILL.md asks the agent to use Shopify order exports, webhook payloads, or user-provided CSVs. The shipped code only reads local JSON/CSV and writes CSV outputs—there is no webhook server or Shopify API integration implemented. This is a minor mismatch (manual exports required) but not malicious. Also note SKILL.md asks for various store context fields; the code does not automatically fetch or validate those beyond reading provided files.
Install Mechanism
No install spec; skill is instruction-only plus small Python scripts. Scripts are plain Python, use only stdlib (csv, json, pathlib), and do local file I/O. No downloads, no external package installs, and no archive extraction.
Credentials
No required environment variables, no primary credential, and no config paths requested. The scripts operate on user-supplied file paths only, which is proportionate for the stated task.
Persistence & Privilege
always:false and default invocation settings. The skill does not request permanent presence or modify other skills or system settings. It only reads/writes files in user-specified paths when run.
Assessment
This skill appears to do what it says: read exported Shopify-style JSON/CSV and produce invoice-ready CSVs, stock reconciliation, and a monthly summary. Before installing or running it: 1) Remember it does not fetch data from Shopify automatically — you must supply exports or webhook payloads yourself (the bundle does not include a webhook receiver or API integration). 2) Run the scripts in a controlled environment and point them only at intended export files (they read arbitrary CSV/JSON paths you give them). 3) Be aware of CSV injection risk: the scripts write CSVs containing merchant/customer fields; do not open untrusted CSVs directly in spreadsheet software without sanitizing fields that begin with =, +, -, or @. 4) Validate invoice numbering, tax treatment, and any legal/accounting requirements with an accountant — the skill explicitly states it does not guarantee compliance. 5) If you want automated Shopify integration, plan to add a secure, auditable API integration that stores tokens safely (this skill currently requests no credentials). Overall this package is straightforward and low-risk, but treat outputs as drafts and review before sending or publishing.

Like a lobster shell, security has layers — review code before you run it.

latestvk975qbx3ahfhmjgcme2e798nys83qzak

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments