Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Korean Invoice

v1.0.0

Automatic generation of Korean-style quotes and tax invoices (business registration number, automatic VAT calculation)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the code and SKILL.md: the scripts manage clients/items, generate invoice HTML/PDF, compute VAT, and use local data files. The only external dependency is puppeteer-core to convert HTML→PDF via a local OpenClaw browser, which is consistent with the documented PDF conversion step.
Instruction Scope
Runtime instructions and code operate on files inside the skill directory (data/*.json, templates/, output/) and provide a CLI. There are no instructions to read unrelated system paths or to send data to remote servers. Note: data/my-info.json stores sensitive business info (bank account etc.) locally as expected for this tool.
Install Mechanism
Skill has no platform install spec but includes package.json/package-lock with dependency on puppeteer-core. Installing (npm install) will fetch packages from the npm registry — standard but a moderate supply-chain surface compared to an instruction-only skill. No downloads from suspicious URLs are present in the package files shown.
Credentials
The skill does not request environment variables or external credentials. It requires a local OpenClaw browser listening on localhost:18800 for PDF conversion, which matches the documentation. Be aware that sensitive fields (business number, bankAccount, emails) are stored in data/my-info.json and data/clients.json.
Persistence & Privilege
Skill is not always-enabled and is user-invocable; it does not modify other skills or system-wide configurations. It reads/writes only its own data and output directories.
Assessment
This skill appears to do what it says: generate Korean quotes and tax invoices using local JSON data and convert HTML to PDF via a local OpenClaw browser. Before installing or running: (1) review and remove or redact any sensitive fields in data/my-info.json (bankAccount, personal emails) if you don't want them stored; (2) run npm install in a controlled environment if you need PDF support, since puppeteer-core and many npm packages will be downloaded; (3) ensure the OpenClaw browser (localhost:18800) is trusted and bound to localhost; (4) inspect outputs before sharing externally. If you require stricter isolation, run the skill in a sandbox or container.

Like a lobster shell, security has layers — review code before you run it.
