ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Quotation Generator

v1.2.0

Auto-generate professional PDF proforma invoices with company letterhead, multi-language support, and post-quote tracking.

0· 137·0 current·0 all-time
by@ipythoning

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ipythoning/sdr-quotation-generator.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Quotation Generator" (ipythoning/sdr-quotation-generator) from ClawHub.
Skill page: https://clawhub.ai/ipythoning/sdr-quotation-generator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install sdr-quotation-generator

ClawHub CLI

Package manager switcher

npx clawhub@latest install sdr-quotation-generator
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The described purpose (generate PDFs, multi-language quotes, post-quote tracking) is reasonable, but the runtime instructions require integrations (WhatsApp for owner approval/customer delivery, a CRM for status updates) and local product-KB access that the skill metadata does not declare (no env vars, no config paths, no install). Legitimately implementing these features would normally require API keys, phone numbers, or CRM credentials — their absence is an incoherence.
!
Instruction Scope
SKILL.md explicitly tells the agent to read product-kb/catalog.json, send drafts via WhatsApp, and update CRM records and follow-up on schedule. Those are concrete filesystem and network actions. The instructions do not specify which CRM, which WhatsApp integration (API, Twilio, webhooks), where product-kb should live, or what approval/consent flow to use — giving the agent broad discretion and potential access to sensitive files or external endpoints.
Install Mechanism
No install spec and no code files are present, which minimizes supply-chain risk because nothing is written to disk by an installer. This is consistent with an instruction-only skill, but it increases reliance on the runtime environment and existing integrations (which are not declared).
!
Credentials
The skill requires access to external services (WhatsApp, CRM) and a local product catalog but declares no required environment variables, credentials, or config paths. Expectation would be API tokens, phone numbers, CRM API keys, and a declared path for product-kb; requesting none is disproportionate and hides needed privileges.
!
Persistence & Privilege
The skill is not marked always:true (good), but it allows autonomous model invocation (platform default). Combined with instructions to send messages and update CRM, that means an agent could autonomously transmit customer data or make outbound updates once given the runtime credentials — the metadata gives no constraints or approval gating. This combination increases risk unless you limit autonomous actions or require explicit approval steps.
What to consider before installing
Do not install or enable this skill until the author clarifies integration details. Ask for: (1) exact WhatsApp integration method and required credentials (API provider, tokens, phone numbers), (2) which CRM is used and the required API keys/permissions, (3) the canonical path and access controls for product-kb/catalog.json, and (4) whether outbound sends and scheduled follow-ups require explicit owner approval. If you proceed, require least-privilege credentials (scoped API tokens), enable human approval before sending to customers, test in a sandbox environment with dummy data, and ensure logging/auditing of all outbound messages and CRM changes. If these details are not provided or cannot be validated, treat the skill as risky and avoid granting it credentials or network access.

Like a lobster shell, security has layers — review code before you run it.

latestvk974rtk441kkv462q6nchsa34s83j6q3
137downloads
0stars
3versions
Updated 1mo ago
v1.2.0
MIT-0
@ipythoning
latest
Download

Quotation Generator

Generate professional proforma invoices for B2B export deals.

Trigger

  • Customer requests quote/pricing
  • Owner instructs: "Send quote to [customer]"
  • Stage 5 of sales pipeline

Quote Content

Each proforma invoice includes:

  1. Company letterhead — logo, company name, address, contact info
  2. Customer info — company, contact person, country
  3. Product table — item, specs, quantity, unit price, total
  4. Terms — payment terms, delivery time, shipping method, Incoterms
  5. Validity — quote valid for 30 days (configurable)
  6. Notes — special conditions, certifications, warranty

Naming Convention

{{brand_code}}-YYYYMMDD-NNN (e.g., FY-20260324-001)

Multi-Language Support

Generate quotes in customer's language:

  • English (default)
  • French (West/Central Africa)
  • Arabic (Middle East/North Africa)
  • Spanish (Latin America)
  • Portuguese (Brazil, Mozambique)

Workflow

  1. AI drafts quote based on conversation context and product-kb
  2. Send draft to owner via WhatsApp for approval
  3. Owner approves → AI sends to customer
  4. Update CRM: status = quote_sent, attach quote reference

Post-Quote Tracking

  • Day 3: If no reply → Follow up asking for feedback
  • Day 7: If no reply → Second follow-up with value proposition
  • Day 14: If no reply → Final follow-up or move to nurture
  • Reply received → Update CRM, continue negotiation (Stage 6)

Product KB Integration

Reads from product-kb/catalog.json for:

  • Product specs, dimensions, weight
  • FOB/CIF pricing
  • MOQ (Minimum Order Quantity)
  • Lead time / production time
  • Available certifications

Comments

Loading comments...