ivangdavila

Invoices

by Iván · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
Downloads: 1181 · Stars: 2 · Active Installs: 1 · Versions: 2
Install in OpenClaw
/install invoices
Description
Capture, extract, and organize received invoices with automatic OCR, provider detection, and searchable archive.
README (SKILL.md)

Trigger

Use when user receives invoices (email, photo, PDF) and wants them organized automatically.

Key difference: This skill MANAGES received invoices. The invoice skill CREATES invoices to send.


Storage

~/invoices/
├── inbox/                    # Unprocessed files awaiting extraction
├── archive/                  # Organized by year/month
│   └── 2026/
│       └── 02/
│           └── 2026-02-13_Hetzner_INV-12345_89.50.pdf
├── providers/                # Provider metadata
│   └── index.json
├── entries.json              # All invoice metadata (searchable)
└── state.json                # Processing state

Quick Reference

Topic                             File
Capture and extraction workflow   process.md
Fields to extract                 extraction.md
Search queries and reports        search.md
Legal requirements by country     legal.md

Process Summary

  1. Capture — Receive invoice (email attachment, photo, direct PDF). Copy to inbox/.
  2. Extract — OCR if needed, parse fields (provider, date, amounts, tax).
  3. Validate — Check required fields, detect duplicates.
  4. Organize — Rename, move to archive/YYYY/MM/, update entries.json.
  5. Confirm — Show extracted data, allow corrections.

See process.md for detailed workflow.


Critical Rules

  • Never delete originals — Keep PDFs permanently. Legal requirement (4-6 years depending on country).
  • Detect duplicates — Same invoice number + provider = duplicate. Alert, don't overwrite.
  • Validate tax math — Base + tax should equal total. Flag discrepancies.
  • Provider normalization — "HETZNER ONLINE GMBH" = "Hetzner". Maintain provider aliases.

Alerts

  • Invoice pending >48h in inbox
  • Payment due in <7 days
  • Unusual amount (>50% higher than same provider average)
  • Missing expected recurring invoice
Usage Guidance
This skill appears internally consistent with its invoice-management purpose, but review these before enabling:

  • Storage and backups: the skill stores originals and derived files under ~/invoices/; confirm you are comfortable with that path, ensure backups are encrypted and retention policies meet your legal needs.
  • Email and portal access: email monitoring and URL downloads are optional but require you to provide credentials or connectors. Only configure these if you trust the agent and understand which account it will access.
  • OCR and VAT validation: the docs mention a 'vision model' and the VIES API but do not state whether processing is local or sent to third-party services. Ask (or test) where OCR and VIES requests are executed; sending invoice images externally can leak sensitive data.
  • Test with non-sensitive data: before putting real or confidential invoices through automation, run a trial with redacted or dummy invoices to verify naming, deduplication, validation logic, and data flows.
  • GDPR/PII: invoices may contain personal data. Use redaction or limit exports, and confirm export destinations are compliant with your jurisdictional rules.
  • Retention and deletion: the skill's rule is to never delete originals; if you need different retention, prepare a manual policy or modify behavior before bulk import.

If you need the skill to access email/remote services, require explicit, auditable configuration and verify that network calls (OCR/VIES) go to trusted endpoints. Otherwise the skill is coherent and appropriate for the stated purpose.
Capability Analysis
Type: OpenClaw Skill
Name: invoices
Version: 1.0.1

The skill is designed for invoice management, which involves legitimate file system and network access. However, the `process.md` file indicates the agent's capability to 'Download from URL if provided' for invoice capture. While intended for legitimate invoice portals, this capability introduces a vulnerability risk: if an attacker can control the URL provided to the agent, it could lead to arbitrary file download, potentially enabling further exploitation (e.g., RCE if the downloaded file is then processed or executed). There is no explicit malicious intent within the skill's code or instructions, but this capability, combined with email integration (also in `process.md`), makes it suspicious due to the potential for abuse or exploitation, rather than being benign.
Capability Assessment
Purpose & Capability
Name/description align with the instructions: capture, OCR/parse, validate, organize, and search invoices. There are no unexpected required binaries, environment variables, or install steps that would contradict the stated purpose.
Instruction Scope
The SKILL.md/process.md explicitly allows optional email integration, downloading invoices from URLs, and sending documents to a 'vision model' for OCR and to the VIES API for VAT validation. These actions are coherent for invoice processing but can cause broader data access (email inbox, network transfers). The skill does not specify whether OCR/VIES calls run locally or send data to external services, which affects privacy/exfiltration risk.
Install Mechanism
Instruction-only skill with no install spec and no code files. This minimal footprint is consistent with the stated behavior and reduces installation risk (nothing is written to disk by an installer).
Credentials
The skill declares no required environment variables or credentials, which is proportionate. However, useful features (email scanning, portal downloads, VIES validation, remote OCR) will require the user to provide credentials or enable connectors outside the skill. The skill reads/writes user files under ~/invoices/ and handles potentially sensitive personal data (invoices), so data-flow and credential management should be considered before enabling integrations.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent platform presence or modifications to other skills. It writes only to its own stated folder structure and tracks its own state files, which is appropriate for its function.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install invoices
  3. After installation, invoke the skill by name or use /invoices
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Complete rewrite: now manages received invoices (OCR, extraction, archive)
v1.0.0
Initial release
Metadata
Slug invoices
Version 1.0.1
License
All-time Installs 1
Active Installs 1
Total Versions 2
Frequently Asked Questions

What is Invoices?

Capture, extract, and organize received invoices with automatic OCR, provider detection, and searchable archive. It is an AI Agent Skill for Claude Code / OpenClaw, with 1181 downloads so far.

How do I install Invoices?

Run "/install invoices" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Invoices free?

Yes, Invoices is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Invoices support?

Invoices is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Invoices?

It is built and maintained by Iván (@ivangdavila); the current version is v1.0.1.
