Skill v1.0.9

ClawScan security

SmartBill Invoicing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Feb 22, 2026, 7:36 AM)

Verdict: benign
Confidence: high
Model: gpt-5-mini

Summary
The skill's code, declared requirements, and runtime instructions are coherent with its stated purpose (SmartBill invoicing) and do not request unrelated privileges.
Guidance
This skill appears to be what it says: a local Python CLI for SmartBill. Before installing or running it:
1) Only provide SMARTBILL_USERNAME/TOKEN to skills you trust; the source/homepage is unknown, so verify the script contents yourself.
2) Use --dry-run to inspect normalized payloads and require explicit confirmation before issuing final invoices.
3) Do not enable SMARTBILL_DEBUG in production; it can log request/response bodies, which may contain sensitive data.
4) When downloading PDFs, ensure --output is a safe path under your intended directory and that the script actually enforces no ../ traversal (review the script to confirm).
5) Prefer short-lived or limited-scope tokens if SmartBill supports them.
If you need higher assurance, ask the publisher for a verified source or code provenance (repo, release tags) before handing over real credentials.

Review Dimensions

Purpose & Capability (ok)
Name/description (SmartBill invoices) match the required binaries (python3), declared env vars (SMARTBILL_USERNAME, SMARTBILL_TOKEN, SMARTBILL_COMPANY_VAT_CODE) and the included CLI script. There are no unrelated credentials, binaries, or install steps that don't belong to an API client for SmartBill. Note: the skill's source/homepage is unknown, which reduces provenance but does not create an internal inconsistency.
Instruction Scope (note)
SKILL.md instructs the agent to run the included Python CLI for validation, dry-run, create, list series, and download PDFs, all within the invoicing scope. The doc warns about debug logging and output path restrictions. One operational caution: the CLI can print full request/response bodies to stderr when SMARTBILL_DEBUG is enabled (potentially exposing sensitive data), and the SKILL.md relies on an environment/platform-level restriction that output paths must stay within allowed media roots. Verify the script actually enforces safe output path resolution to avoid path traversal or writing files outside the intended directory.
Install Mechanism (ok)
No install spec; the skill is instruction-only with a bundled Python script. This is low-risk compared to remote downloads or package installs. The script uses only stdlib modules (urllib, json, base64), which is proportionate to an API client.
Credentials (ok)
Required env vars are limited to SmartBill credentials and a company VAT code; SMARTBILL_TOKEN is the primary credential. No unrelated secret variables are requested. The optional SMARTBILL_DEBUG variable can cause sensitive request/response data to be logged to stderr; the SKILL.md documents this, but users should avoid enabling it in production.
Persistence & Privilege (ok)
The skill is not always-enabled and does not request system-wide config or persistent privileges. It does write downloaded PDFs to disk (per user-supplied --output), which is appropriate for a CLI tool but should be constrained to safe paths (see the Instruction Scope note). Autonomous invocation is allowed by default, but this is normal for skills and not by itself a concern here.