Software Quotation Skill
PassAudited by ClawScan on May 13, 2026.
Overview
This is a coherent quotation-writing skill; the main thing to notice is that its generated HTML uses third-party CDN JavaScript for PDF export.
This skill appears safe for drafting software project quotations. Review the generated pricing and contract terms before sending them to clients, and be aware that the HTML/PDF export feature loads third-party JavaScript from cdnjs unless you replace it with local trusted copies.
Publisher note
Quotation Writer is a specialized agent skill for creating professional software project quotations. It guides users through structured requirement analysis, work breakdown, and generates a polished HTML quotation document ready for client delivery. Features: - Structured requirements clarification (Product / Design / Tech dimensions) - Workload estimation with role × day matrix (PM, UI, Backend, Frontend, QA) - Detailed scope definition (In Scope / Out of Scope / Assumptions) - HTML quotation document with professional design and PDF export - Risk-aware pricing with milestone planning and payment terms Ideal for: Freelancers, agencies, and consultants who need to produce client-ready project quotations quickly and professionally. Output: A single HTML file — open in browser, export to PDF with one click.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Opening the generated HTML may contact cdnjs and run those libraries in the browser; if the CDN is blocked, unavailable, or compromised, PDF export could fail or the document could be exposed to untrusted script behavior.
The quotation template loads third-party JavaScript from cdnjs for PDF export. This is disclosed and aligned with the skill's purpose, but it means generated quote documents trust external CDN code at viewing/export time.
<script src="https://cdnjs.cloudflare.com/ajax/libs/html2canvas/1.4.1/html2canvas.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jspdf/2.5.1/jspdf.umd.min.js"></script>
For sensitive client quotes, consider using reviewed local copies of the libraries, adding integrity protections, or exporting in a controlled environment before sharing.