ClawHub
Back to skill
v1.0.0

Norman: Invoice Overdue Reminders

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:52 AM.

Analysis

This instruction-only skill is coherent and requires user approval before sending reminders, but it will access finance data and can send payment reminders to clients.

GuidanceBefore installing, confirm that the Norman Finance connection is the one you intend to use. When running the skill, carefully review each overdue invoice, recipient, reminder wording, and legal/business implications before approving any reminder to be sent.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusNote
SKILL.md
- Use `send_invoice_overdue_reminder` for each approved reminder\n- Wait for user confirmation before each send

The skill can trigger client-facing payment reminders, which is a high-impact business action, but the artifact also requires per-send user confirmation.

User impactIf approved, the agent can send payment reminders that may affect client relationships and have legal or business implications.
RecommendationReview each reminder, recipient, amount, due date, and tone before approving any send.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
SKILL.md
requires:\n      mcp:\n        - norman-finance

The skill depends on a Norman Finance MCP connection, which implies delegated access to the user's finance workspace or account.

User impactThe agent may access invoice and client information through the connected finance service.
RecommendationInstall only if you trust the Norman Finance connection and are comfortable with the agent using that account to review overdue invoices.