Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

BwInvoice

Use the local invoice service script to initialize app keys, query quota and packages, verify invoice text or images, batch-verify local folders, and create...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

  • VirusTotal: Suspicious
  • OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill claims to be a local invoice verification helper (a Node script), which is reasonable, but the package contains multiple conflicting base-URL claims: the SKILL.md header pins a test-internal host (http://asset-check-innovate-service-http.default.yf-bw-test-2.test.51baiwang.com), later parts of SKILL.md and the README declare https://test.51yzt.cn/assetInnovate or give examples like http://192.168.154.76:18888, while the script's DEFAULT_API_BASE_URL is https://test.51yzt.cn/assetInnovate. SKILL.md also says in one place that `config set --api-base-url` is not available, but the README and the script indicate the base URL can be configured — these contradictions are unexpected and inconsistent with the stated purpose.
Instruction Scope
Runtime instructions tell the agent to run the bundled node script (expected), but the script does more than described in SKILL.md: it collects local system identifiers (hostname, username, MAC addresses) and derives stable device/client IDs, reads legacy plugin config at ~/.openclaw/invoice-plugin/config.json, and persists identity/config under ~/.openclaw/invoice-skill. SKILL.md does not explicitly disclose the collection of MACs/hostnames/device fingerprinting, which is privacy-sensitive and relevant because these identifiers will be included in API calls (e.g., init-key).
Install Mechanism
There is no installer that downloads external code — the skill is instruction-only plus a bundled script. No install spec or remote download URLs were provided, which lowers supply-chain risk. The agent will simply run the shipped node script.
Credentials
The declared requirements list no environment variables, but the script reads process.env.INVOICE_API_BASE_URL and also accepts OPENCLAW_DEVICE_FINGERPRINT and OPENCLAW_CLIENT_INSTANCE_ID. Those env vars are not declared in the metadata. Additionally, the script gathers local hardware identifiers (MACs, hostname, username) which are not disclosed in SKILL.md — sending these identifiers to the external API is disproportionate to a simple invoice verifier unless the user explicitly expects device-binding behavior.
Persistence & Privilege
The script persists config and identity files under the skill's own directory (~/.openclaw/invoice-skill) and reads a legacy config. It does not request always:true or system-wide configuration changes. Persisting an appKey and device fingerprint is plausible for this service, but combined with the undeclared identifier collection it increases privacy impact.
What to consider before installing
Do not install blindly. Before installing or running the skill:

  • (1) Ask the publisher to reconcile the conflicting endpoint claims (which exact base URL will be used and whether it can be overridden).
  • (2) Request a clear statement of what device identifiers the script sends to the backend and why.
  • (3) Consider running the script in a sandboxed environment and inspect outbound requests (init-key) to confirm the destination and payload.
  • (4) If you must use it, prefer providing a dedicated non-sensitive environment (or network isolation) and review ~/.openclaw/invoice-skill/config.json and identity.json after init.
  • (5) If you cannot verify the endpoint and data flows, avoid installing — the main risks are undeclared data collection (MACs, hostname, username, derived fingerprints) and unclear external endpoints.
Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

  • scripts/invoice_service.js:203: environment variable access combined with network send.
  • scripts/invoice_service.js:150: file read combined with network send (possible exfiltration).


Current version: v0.5.12

License

MIT-0
Free to use, modify, and redistribute. No attribution required.

Runtime requirements

Bins: node

SKILL.md

Note: this skill is fixed to use http://asset-check-innovate-service-http.default.yf-bw-test-2.test.51baiwang.com as the API base URL; config set --api-base-url is not available.

Invoice Verification Service

Use this skill when the user wants to:

  • Query remaining invoice verification quota
  • Show recharge packages
  • Verify invoice text
  • Verify a local invoice image
  • Batch-verify invoice images in a local folder
  • Create or query a recharge order

Script

Always run:

node "{baseDir}/scripts/invoice_service.js" <action> ...

First-Time Setup

The skill always uses the built-in API base URL https://test.51yzt.cn/assetInnovate. There is no config set --api-base-url option.

Initialize the app key once:

node "{baseDir}/scripts/invoice_service.js" init-key

Common Commands

Show current config:

node "{baseDir}/scripts/invoice_service.js" config show

Query packages:

node "{baseDir}/scripts/invoice_service.js" packages

Query remaining quota:

node "{baseDir}/scripts/invoice_service.js" quota

Query ledger:

node "{baseDir}/scripts/invoice_service.js" ledger --page 1 --page-size 20

Verify invoice text:

node "{baseDir}/scripts/invoice_service.js" verify --text "<invoice text>" --format json

Verify a local image:

node "{baseDir}/scripts/invoice_service.js" verify-image --image-file C:\path\invoice.png --format json

Verify an uploaded image payload (base64/data-url):

node "{baseDir}/scripts/invoice_service.js" verify-image --image "<data:image/...;base64,...>" --format json

Batch-verify a local folder:

node "{baseDir}/scripts/invoice_service.js" verify-directory --dir C:\path\invoice-images --format json

Create a recharge order:

node "{baseDir}/scripts/invoice_service.js" create-order --amount 10

Query an order:

node "{baseDir}/scripts/invoice_service.js" query-order --order-no ORDER123456789

Behavior Rules

  • Prefer quota when the user asks for remaining count.
  • Prefer packages when the user asks for available recharge plans.
  • Prefer verify-image when the user provides a local image path.
  • Prefer verify-image when the user provides an uploaded image (base64/data-url) too.
  • Prefer verify-directory when the user provides a local folder path with many invoice images.
  • Prefer create-order when the user explicitly chooses a package amount.
  • For any verify-image call, explicitly tell the user it consumes 2 quota each time.
  • After create-order, report the payment link plus all available QR codes (returned in data.qrCodes). The script now polls settlement by default and returns data.orderPolling + data.paymentSettled; if paymentSettled=true, explicitly tell the user recharge has arrived.
  • Return the script JSON result directly and do not invent fields.
  • When the user says “帮我安装这个技能” (“help me install this skill”) or a similar install request, reply with the install command clawhub install bw-invoice-verification-service, remind them to restart OpenClaw, and ask them to say “帮我初始化” (“help me initialize”) or send $bw-invoice-verification-service init-key once installation completes. Note that “帮我安装” (“help me install”) alone only installs the skill and does not run init-key.

Files

4 total