Invoices
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: invoices
Version: 1.0.1

The skill is designed for invoice management, which legitimately involves file system and network access. However, the `process.md` file indicates that the agent can 'Download from URL if provided' for invoice capture. While intended for legitimate invoice portals, this capability introduces a risk: if an attacker can control the URL given to the agent, it could lead to arbitrary file download, potentially enabling further exploitation (e.g., RCE if the downloaded file is then processed or executed). There is no explicit malicious intent in the skill's code or instructions, but this capability, combined with email integration (also in `process.md`), makes the skill suspicious rather than benign because of its potential for abuse or exploitation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Risk: If configured too broadly, the agent could inspect non-invoice email or change message status in a way the user did not intend.
Detail: Optional email integration would require access to the user's email account and can mutate email state by marking messages as processed.
Evidence (`process.md`): "If user configures email access: 1. Scan inbox for invoices ... 3. Mark as processed in email"
Recommendation: Use a dedicated mailbox, folder, or label for invoices where possible, and require confirmation before marking emails as processed.
Risk: Invoice totals, provider details, tax IDs, payment references, and similar financial data may remain stored and searchable for a long time.
Detail: The skill creates persistent, searchable local records of invoice metadata and processing state.
Evidence:
    entries.json   # All invoice metadata (searchable)
    └── state.json  # Processing state
Recommendation: Keep the ~/invoices folder private, include it only in trusted backups, and periodically review what metadata is retained.
Risk: Depending on the runtime, sensitive invoice contents could be processed outside the local machine.
Detail: OCR may involve sending invoice content to a vision model or provider, but the artifact does not specify the processing boundary.
Evidence: "If image/scanned PDF → use vision model for OCR"
Recommendation: Confirm which OCR/model provider is used, avoid processing highly sensitive invoices without consent, and redact personal data when exporting or sharing.
