InvoiceGen Review
Audited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions); human review is required before treating this skill as clean.
This looks reasonable for a local invoicing helper. Before installing, be comfortable with it creating an invoices/ folder, storing client and payment details there, and running the included Python/Playwright PDF script. Use restrictive permissions, avoid committing invoice data to git, avoid raw bank/tax secrets unless needed, and review each invoice before sending it. ClawScan detected prompt-injection indicators (ignore-previous-instructions), so this skill requires review even though the model response was benign.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Invoice, client, payment, and tax details may remain in the workspace and could be exposed through backups, git commits, or other local users/processes.
The skill intentionally stores and reuses sensitive financial/business details in persistent local files. This is disclosed and purpose-aligned, but the data needs local protection.
Business profiles contain payment details and tax IDs. Remind users: Store `business-profile.json` with restrictive permissions (`chmod 600`)
Store only the payment details needed on invoices, prefer payment links or references over raw bank/tax data, restrict file permissions, and keep invoices/ out of source control.
Using the skill means running a local PDF-rendering script and browser process in the workspace.
PDF generation runs included Python code and launches Chromium to render local HTML. This is central to the stated purpose and JavaScript is disabled, but it is still local code execution.
    from playwright.sync_api import sync_playwright  # import the quoted snippet relies on

    with sync_playwright() as p:
        browser = p.chromium.launch()          # starts a local Chromium process
        page = browser.new_page()              # page object used by the following call
        page.goto(f"file://{input_path}")      # input_path: the local HTML file to render

Review the included script before use, run it in a trusted workspace or virtual environment, and keep generated files scoped to invoices/.
Dependency versions and provenance are left to the user’s environment, so installs should come from trusted sources.
The skill depends on a manual, unpinned Playwright/Chromium install even though the registry requirements declare no required binaries or install spec.
    pip3 install playwright
    playwright install chromium
Install Playwright from official package sources, consider using a virtual environment and pinned versions, and keep the browser dependency updated.
Malicious or accidental HTML in invoice fields could affect the generated PDF’s content or resources loaded during rendering.
Invoice fields may be inserted into HTML for PDF rendering. The package warns about this and disables JavaScript in the renderer, but user-provided markup should still be escaped or reviewed.
ensure that any user-provided descriptions or client names do not contain malicious HTML tags, as they will be rendered in the final PDF document
Escape client-provided invoice fields before template substitution, keep JavaScript disabled, and avoid remote images or untrusted HTML in invoice data.
Users may over-trust the skill and store more sensitive financial data than necessary.
The package presents a security-verification badge, while the provided artifacts do not include an independent audit report. The code reviewed here mostly aligns with its privacy claims, but users should not rely on the badge alone.

Treat security badges and guarantees as claims unless independently verified, and continue following local data-protection practices.
