Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

InvoiceGen

v1.0.3

Stop paying $15/month just to generate a PDF. Tell OpenClaw 'Bill Acme Corp for 10 hours of design work at $85/hr, net 30' and get a beautifully branded invo...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name, README, SKILL.md, templates, and scripts all implement an invoicing/PDF workflow as described. However the registry metadata claims no required binaries or env vars, while the README and scripts require Python and Playwright (and a Chromium install) to render PDFs — that mismatch is an incoherence the user should be aware of.
Instruction Scope
SKILL.md keeps behavior tightly scoped to the invoices/ directory and documents path-sanitization, prompt-injection defenses, and explicit user confirmation before generating PDFs. The instructions do not ask to read unrelated system files or exfiltrate data.
Install Mechanism
There is no install spec in the registry (instruction-only), which minimizes automated install risk. The included Python script uses Playwright (a headless browser) but the package does not itself download remote code. The user must install Playwright/Chromium manually; that step will download a browser binary from upstream.
Credentials
The skill declares no required environment variables or credentials (consistent with local invoicing). The dashboard documentation mentions optional Supabase usage and advises storing keys in env vars, but those are optional and not required by the provided scripts.
Persistence & Privilege
The skill does not request 'always' inclusion and does not modify other skills. Its persistent data is confined to an invoices/ directory and local JSON/SQLite artifacts as described.
Scan Findings in Context
[ignore-previous-instructions] expected: SKILL.md intentionally warns about prompt-injection phrases like 'ignore previous instructions' and instructs treating user-provided fields as data. The scanner flagged the phrase, but here it appears as a defensive example rather than an actual injection vector in the skill.
What to consider before installing
What to check before installing and using InvoiceGen:
- Runtime requirements: The registry metadata lists no required binaries, but the code and README expect Python 3 and Playwright (plus a Chromium install via `playwright install chromium`). Install those intentionally — the package will not do that for you.
- Local vs networked rendering: The PDF generator uses Playwright to load a local HTML file but Playwright can fetch remote resources referenced in the HTML (images, fonts, CSS). If a logo or template includes a remote URL, rendering may make network requests (which could reveal your IP or load content you didn't expect). Use local logo files in invoices/ or ensure remote resources are trusted.
- Path & data safety: The skill enforces output paths within invoices/ and the SKILL.md prescribes sanitizing client-provided strings — follow those rules. Review how your assistant templates LOGO_PATH and client fields are populated to avoid accidental path traversal or remote URLs.
- Sensitive data storage: Do not store raw bank account numbers, full tax IDs, or plaintext secrets in business-profile.json. The package itself advises restricting file permissions (chmod 600/700). Follow that guidance and consider using reference IDs or a secure secrets mechanism if you need to include payment details.
- Optional dashboard: The dashboard notes discuss Supabase and encryption for production use. Those are optional and not implemented by the included scripts; only enable/integrate those services if you understand the additional operational and security implications.
- Review the code: The included Python script appears well-scoped (disables JS before rendering and enforces output path checks). Still, if you will run it on sensitive data, inspect the template generation code your assistant will produce (ensure it doesn't embed remote URLs or unsanitized HTML) and run in a controlled environment initially.
If you want, I can: (a) list the exact commands to install the required runtime (Python + Playwright), (b) scan the templates for any occurrences of remote URLs, or (c) produce a short checklist to harden local usage (permissions, sandboxing, restricting logos to local files).
SKILL.md:4
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.
