Fakturownik
PassAudited by VirusTotal on May 3, 2026.
Overview
Type: OpenClaw Skill Name: fakturator Version: 1.1.0 The skill is a standard VAT invoice generator designed for the Polish market. The Python script (fakturator.py) implements legitimate logic for VAT calculations, NIP/REGON validation, and invoice formatting in text, CSV, and JSON formats. No evidence of data exfiltration, malicious execution, or prompt injection was found. The documentation (SKILL.md) mentions a 'Pro' version available via email contact (tomaszpedzierski.infinity@wp.pl), which appears to be a simple commercial offering rather than a malicious lure.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Real invoices can contain tax identifiers, addresses, customer names, and pricing details that users may not want retained unexpectedly.
The skill is expected to handle invoice data, but this wording indicates buyer/seller details and invoice history may be remembered or stored.
**Dane firmowe** — zapamiętuje dane sprzedawcy i nabywcy ... **Historia faktur** — zapisuj i zarządzaj wystawionymi fakturami
Before using real data, check where history is stored, how to delete it, and avoid entering sensitive customer details unless retention is acceptable.
The visible code looks purpose-aligned, but users cannot confirm every runtime behavior from the supplied text alone.
The supplied source view stops during the main function, so this review cannot fully inspect the displayed executable path even though the static scan reported no findings.
"truncated": true
Review the complete source before running the Python script, especially any code that saves files, exports documents, or sends invoices.
A user may be encouraged to contact an external email address and follow a payment link outside the platform.
The skill includes an off-platform paid-upgrade/payment flow. It is disclosed, but users should verify it independently.
**Jak wykupić?** Wyślij maila na tomaszpedzierski.infinity@wp.pl — odpowiem z linkiem do płatności.
Do not send money or follow external payment links unless you have independently verified the author and terms.