Skill v1.0.1
ClawScan security
FGO Invoicing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 27, 2026, 1:21 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and required environment variables are consistent with an FGO.ro invoicing helper; nothing requests unrelated credentials or adds unexplained capabilities.
- Guidance
- This skill appears to do exactly what it claims: drive the FGO API from a local Python CLI. Before installing/using: (1) store FGO_CHEIE_PRIVATA securely (do not paste it into chat or logs), (2) test with the UAT base URL and use --dry-run first, (3) avoid enabling debug when handling real invoices because it logs request/response bodies to stderr which can expose invoice data, (4) inspect scripts/fgo_cli.py in your environment if you want to confirm the input-path confinement and logging behavior are enforced, and (5) keep the skill's env vars scoped to a dedicated runtime (or secret manager) so other tools/processes can't read them. I give medium confidence because some parts of the CLI implementation are truncated in the provided view; confirm the input-file confinement and file-read validation in the actual script before use.
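The guidance above (items 3 and 4) and the Instruction Scope note below both ask the reader to confirm two behaviours in scripts/fgo_cli.py: that input file paths are confined to an allowed directory before they are read, and that debug output to stderr cannot leak invoice data or the computed Hash. The block below is an added example written for this page, not code from the FGO Invoicing skill, showing what those two checks look like when enforced. The function names, the allowed-root argument, the size limit and every redacted field name other than Hash are assumptions; the FGO wire format is not reproduced.

```python
"""Added example: input-path confinement and redacted debug output.

Not the FGO Invoicing skill's own code. Function names, the allowed-root
parameter, the size limit and every redacted key except "Hash" are
assumptions chosen to illustrate the checks the scanner guidance names.
"""
import json
import os
import sys
import tempfile
from pathlib import Path

# Keys whose values are replaced before anything reaches stderr. "Hash" is
# the field the report names; the rest are assumed invoice-data examples.
# Comparison is case-insensitive.
SENSITIVE_KEYS = {"hash", "cif", "email", "iban", "cheieprivata"}

# Largest input file accepted (assumed limit, 1 MiB).
MAX_INPUT_BYTES = 1 << 20


def confine_path(user_path: str, allowed_root: str) -> Path:
    """Resolve user_path and return it only if it lies inside allowed_root.

    Relative paths are taken relative to allowed_root. Both sides are fully
    resolved first, so '..' segments and symlinks planted inside the allowed
    directory cannot redirect the read outside it.
    """
    root = Path(allowed_root).resolve()
    candidate = Path(user_path)
    if not candidate.is_absolute():
        candidate = root / candidate
    candidate = candidate.resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PermissionError(f"refusing {user_path!r}: outside {root}") from None
    return candidate


def read_input(user_path: str, allowed_root: str) -> dict:
    """Confine the path, then reject non-files and oversized inputs before parsing."""
    path = confine_path(user_path, allowed_root)
    if not path.is_file():
        raise FileNotFoundError(f"{path} is not a regular file")
    if path.stat().st_size > MAX_INPUT_BYTES:
        raise ValueError(f"{path} exceeds {MAX_INPUT_BYTES} bytes")
    with path.open("r", encoding="utf-8") as fh:
        return json.load(fh)


def redact(obj):
    """Return a copy of obj with values under sensitive keys replaced, recursively."""
    if isinstance(obj, dict):
        return {
            k: "<redacted>" if str(k).lower() in SENSITIVE_KEYS else redact(v)
            for k, v in obj.items()
        }
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


def debug_dump(label: str, body, enabled: bool, stream=sys.stderr):
    """Write a redacted JSON rendering of body to stream when debug is on.

    Returns the rendered text (None when disabled) so callers can verify
    that nothing sensitive reached the stream.
    """
    if not enabled:
        return None
    rendered = json.dumps(redact(body), ensure_ascii=False, sort_keys=True)
    print(f"[debug] {label}: {rendered}", file=stream)
    return rendered


def _rejected(user_path: str, allowed_root: str) -> bool:
    try:
        confine_path(user_path, allowed_root)
    except PermissionError:
        return True
    return False


def run_demo() -> dict:
    """Exercise both checks against a constructed temporary input directory."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "invoice.json").write_text('{"Client": {"Email": "x@example.com"}}')
        results["inside_ok"] = read_input("invoice.json", d) == {"Client": {"Email": "x@example.com"}}
        results["dotdot_rejected"] = _rejected("../etc/passwd", d)
        results["absolute_outside_rejected"] = _rejected(str(root.parent / "x.json"), d)
        try:
            os.symlink(root.parent, root / "escape")  # link escaping the root
            results["symlink_rejected"] = _rejected("escape/x.json", d)
        except OSError:  # platform without symlink support
            results["symlink_rejected"] = None
    # Constructed response body, not a real FGO message.
    body = {"Hash": "deadbeef", "Client": {"Email": "x@example.com", "Nume": "ACME"}}
    results["debug_off"] = debug_dump("response", body, enabled=False)
    results["debug_on"] = debug_dump("response", body, enabled=True)
    return results


if __name__ == "__main__":
    print(run_demo())
```

Running the module prints the demo results; the redacted debug line goes to stderr and shows `"Hash": "<redacted>"` while non-sensitive fields such as the client name stay readable. Keeping debug off by default and returning the rendered text from the dump function makes the redaction testable rather than a matter of trusting the log.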
Review Dimensions
- Purpose & Capability
- ok · Name/description describe interacting with the FGO API and the skill only requires python3 plus FGO_COD_UNIC and FGO_CHEIE_PRIVATA; these are exactly the credentials the FGO API needs. No unrelated binaries, hosts, or secrets are requested.
- Instruction Scope
- note · SKILL.md focuses on building/validating invoice payloads and calling FGO endpoints, and explicitly recommends dry-run and confirmation before final issuance. It also documents input-file safety and warns not to expose the private key. One operational note: the CLI supports a debug mode that prints full request/response bodies to stderr; while the private key itself is not sent in headers, debug logs can reveal sensitive invoice data (and the computed Hash). Disable debug in production and avoid piping stderr to untrusted collectors.
- Install Mechanism
- ok · Instruction-only with an included Python script; no install spec or external downloads. Risk is low because nothing is fetched or executed from arbitrary URLs.
- Credentials
- ok · Only two required env vars are declared (FGO_COD_UNIC, FGO_CHEIE_PRIVATA) and they directly map to the documented API authentication model. Optional vars (base URL, timeout, retries, debug) are reasonable. No unrelated credentials or large set of secrets are requested.
- Persistence & Privilege
- ok · Skill is not always-on and uses normal agent invocation. It does not request persistent system-wide privileges or modify other skills. No install-time hooks or config overwrites are declared.
