Invoice Generator
Pass
Audited by ClawScan on May 10, 2026.
Overview
This is a straightforward local invoice generator with no install code or credentials, though its HTML output uses an external font and should escape invoice text.
This appears safe to use for local invoice generation. Verify totals and payment details, avoid copying untrusted HTML into fields, and remove the Google Fonts link if you need a fully offline, self-contained invoice.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Opening an invoice may contact Google to fetch a font, and the invoice may not render identically offline.
The generated invoice depends on a third-party stylesheet when opened, even though the skill describes the output as a self-contained HTML file.
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;700;800&display=swap" rel="stylesheet">
Use a system font or bundle/remove the external font if fully offline or self-contained output is important.
If untrusted text is pasted into invoice fields, it could be rendered as HTML in the local invoice file rather than plain text.
The workflow inserts user-provided invoice fields into an HTML document but does not explicitly say to HTML-escape text values before generating table rows.
Replace placeholders with actual data ... `{{LINE_ITEMS}}` | HTML table rows for items
Escape or sanitize all text fields and only generate known-safe HTML for table structure; review the output before opening or sharing.
