Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Quotation Generator

v1.0.0

Auto-generate professional PDF proforma invoices with company letterhead, multi-language support, and post-quote tracking.

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ipythoning/quotation-generator.

Install the skill "Quotation Generator" (ipythoning/quotation-generator) from ClawHub.
Skill page: https://clawhub.ai/ipythoning/quotation-generator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install quotation-generator

ClawHub CLI

npx clawhub@latest install quotation-generator

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

[!] Purpose & Capability
The stated purpose (generate/send proforma invoices and track post-quote status) is coherent, but the SKILL.md expects the agent to send drafts via WhatsApp, update a CRM, and read product-kb/catalog.json. None of these external integrations or file accesses are declared in the skill metadata (no required env vars, no config paths). That discrepancy is disproportionate to the declared requirements.

[!] Instruction Scope
Runtime instructions explicitly instruct the agent to read product-kb/catalog.json, send drafts to the owner via WhatsApp, send final quotes to customers, and update CRM records and attachments. Those are concrete I/O operations involving local files and third-party services; the instructions do not specify which CRM, which WhatsApp API/endpoint, or how credentials/addresses are provided, creating ambiguity and risk of unauthorized data access or unintended exfiltration.

Install Mechanism
No install spec and no code files (instruction-only). That lowers installation risk since nothing is downloaded or written to disk by the skill itself.

[!] Credentials
The skill declares no required environment variables or primary credential, yet its workflow requires credentials/tokens to use WhatsApp and a CRM, and access to product-kb files. This mismatch means the skill will need access to secrets or filesystem paths that are not communicated up-front — disproportionate and potentially dangerous.

Persistence & Privilege
always is false and the skill does not request persistent system-wide changes or modifications to other skills. Autonomous invocation is allowed (platform default) but not combined with additional privileges.

What to consider before installing

This skill could do what it says, but it currently leaves out critical operational details. Before installing or enabling it:

  1. Require the author to declare the exact external integrations (which WhatsApp API/provider, which CRM) and list the specific environment variables (e.g., WHATSAPP_API_TOKEN, CRM_API_KEY) and config path(s) (e.g., product-kb/catalog.json) the skill needs.
  2. Limit filesystem access to an explicit, sandboxed path and avoid granting wide read permissions.
  3. Verify how owner approval via WhatsApp is authenticated (phone spoofing risk); prefer an out-of-band confirmation rather than unconditional send.
  4. Ensure least-privilege credentials (scoped API tokens) and logging/audit for message sends and CRM updates.
  5. Get clarity on handling of customer PII and attachments and confirm compliance with privacy rules.

If the author cannot provide the above or if the skill would require you to paste high-privilege tokens into a generic agent, treat it as high-risk and do not enable it in production.

Like a lobster shell, security has layers — review code before you run it.

latest vk971gkytnn2bb2mvr9vqhh2a55842v8z
113 downloads
0 stars
1 version
Updated 3w ago
v1.0.0
MIT-0

Quotation Generator

Generate professional proforma invoices for B2B export deals.

Trigger

  • Customer requests quote/pricing
  • Owner instructs: "Send quote to [customer]"
  • Stage 5 of sales pipeline

Quote Content

Each proforma invoice includes:

  1. Company letterhead — logo, company name, address, contact info
  2. Customer info — company, contact person, country
  3. Product table — item, specs, quantity, unit price, total
  4. Terms — payment terms, delivery time, shipping method, Incoterms
  5. Validity — quote valid for 30 days (configurable)
  6. Notes — special conditions, certifications, warranty

Naming Convention

{{brand_code}}-YYYYMMDD-NNN (e.g., FY-20260324-001)

Multi-Language Support

Generate quotes in customer's language:

  • English (default)
  • French (West/Central Africa)
  • Arabic (Middle East/North Africa)
  • Spanish (Latin America)
  • Portuguese (Brazil, Mozambique)

Workflow

  1. AI drafts quote based on conversation context and product-kb
  2. Send draft to owner via WhatsApp for approval
  3. Owner approves → AI sends to customer
  4. Update CRM: status = quote_sent, attach quote reference

Post-Quote Tracking

  • Day 3: If no reply → Follow up asking for feedback
  • Day 7: If no reply → Second follow-up with value proposition
  • Day 14: If no reply → Final follow-up or move to nurture
  • Reply received → Update CRM, continue negotiation (Stage 6)

Product KB Integration

Reads from product-kb/catalog.json for:

  • Product specs, dimensions, weight
  • FOB/CIF pricing
  • MOQ (Minimum Order Quantity)
  • Lead time / production time
  • Available certifications
