ClawHub

Agent Invoice Generator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local invoice-generation skill that stores invoice data on disk as expected, with no evidence of hidden exfiltration or destructive behavior.

Install only if you are comfortable storing business contact details, client names, invoice notes, amounts, and payment status in local files under your home directory. Review invoices before sending them, and require explicit confirmation before using any separate email skill or setting up cron-based recurring invoices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill documentation describes capabilities that read and persist data to the local filesystem, but no explicit permissions are declared. This creates a transparency and consent problem: an invoking system or user may not realize the skill can write configuration and invoice files, increasing the risk of unexpected local data creation or misuse.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The invocation text is very broad and overlaps with ordinary business-language requests like billing clients, receipts, and payment tracking. That increases the chance the skill is auto-selected in situations where the user did not explicitly intend filesystem writes, invoice generation, or downstream delivery actions.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill stores business details persistently in ~/.openclaw/invoice-config.json without clearly warning the user that sensitive business contact information will be saved on disk. Persistent storage of configuration data can expose private or regulated information and may surprise users who expected an ephemeral operation.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The documentation states that PDF invoices are written to ~/Documents/Invoices without warning that local files will be created. While expected for an invoice tool, silent file creation can still lead to privacy, clutter, or accidental disclosure issues on shared systems.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill encourages recurring invoice generation and delivery via cron without warning about unattended actions. Automated creation and delivery of financial documents can cause erroneous billing, disclosure to unintended recipients, or repeated actions after circumstances change.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script stores business details and invoice data, including potentially sensitive client information, in predictable locations under the user's home directory without any disclosure, permission hardening, or data-protection controls. In a local agent-skill context, silent persistence increases privacy and confidentiality risk because users may not realize personal and financial data is being retained on disk.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: invoice-generator
description: Generate professional PDF invoices from natural language or structured data. Use when the user asks to create an invoice, bill a client, generate a receipt, track payments, or manage invoicing. Supports line items, tax calculation, discounts, multiple currencies, recurring invoices, and payment tracking. Outputs clean PDF invoices ready to send.
---

# Invoice Generator
Confidence
80% confidence
Finding
create an invoice, bill a client, generate a receipt, track payments, or manage invoicing. Supports line items, tax calculation, discounts, multiple currencies, recurring invoices, and payment trackin

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal