← Back to Skills Marketplace

unified-invoice

Name: unified-invoice
Author: mupengi-bot

by mupengi-bot · GitHub ↗ · v1.1.0

cross-platform ⚠ suspicious

695

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install unified-invoice

Description

통합 견적서/세금계산서 생성기. 한국형 견적서(사업자등록번호, 부가세) + 프리랜서 인보이스(다국어, VAT). 거래처/품목 DB, PDF 출력, 자동 계산.

Usage Guidance

This skill appears coherent and implements a local invoice generator. Before installing: 1) Review data/my-info.json and remove any sensitive bank/account identifiers you don't want stored. 2) npm install will fetch puppeteer-core — run it in a controlled environment and ensure a compatible OpenClaw browser is running at http://localhost:18800 (SKILL.md notes this). 3) Note the scripts will create files under the skill directory and a workspace path (default $HOME/.openclaw/workspace) and write event JSON files; if you have policy concerns about file locations, set WORKSPACE/EVENTS_DIR explicitly. 4) If you require network isolation, ensure the local browser connection is permitted only to localhost. 5) If you want extra assurance, run the scripts in a sandbox and inspect their output files; there are no hidden remote endpoints or declared secret/env requirements beyond optional WORKSPACE/EVENTS_DIR and the local browser port.

Capability Analysis

Type: OpenClaw Skill Name: unified-invoice Version: 1.1.0 The skill is classified as suspicious due to significant input sanitization vulnerabilities. The `scripts/freelance-run.sh` script directly embeds user-provided arguments (e.g., `--service`, `--client`) into a generated Markdown file without proper escaping, creating a prompt injection risk if an AI agent processes this Markdown. Similarly, the `scripts/generate.js` script inserts user-provided input (e.g., `options.notes`, `item.name`) directly into HTML templates without sanitization, leading to HTML injection/XSS vulnerabilities in the generated HTML/PDF documents. These flaws allow for potential attacks but do not show clear evidence of intentional malicious behavior like data exfiltration or unauthorized remote control.

Capability Assessment

✓ Purpose & Capability

Name/description (Korean invoices, freelance invoices, templates, client/item DB) align with included scripts, templates, and data files. package.json dependency (puppeteer-core) is appropriate for HTML→PDF conversion. CLI commands in SKILL.md correspond to scripts/generate.js, manage-clients.js, and manage-items.js.

ℹ Instruction Scope

Runtime instructions and code operate on local files (data/*.json, templates/, output/) and create an events JSON. generate.js uses puppeteer.connect to a local browser (http://localhost:18800) for PDF conversion. freelance-run.sh writes invoices and an event file under a workspace directory. These behaviors are within expected scope but the skill will write personal/business info (data/my-info.json) and invoice files to disk — review those files if they contain sensitive bank/account info.

ℹ Install Mechanism

There is no formal install spec in the registry metadata, but SKILL.md instructs running npm install; package.json declares puppeteer-core which is a standard dependency. This is reasonable, but npm install will fetch packages from the registry — run it in a trusted environment. No downloads from arbitrary URLs or extract steps are present.

ℹ Credentials

Registry lists no required env vars, but scripts accept/use WORKSPACE and EVENTS_DIR (freelance-run.sh) and the code expects a local browser at port 18800. Those are reasonable defaults but are not declared as required; users should be aware the skill will attempt to connect to localhost:18800 and will create files under $HOME/.openclaw/workspace (or $WORKSPACE). The skill stores bankAccount and other personal/business fields in data/my-info.json — sensitive data remains local but will be written to disk in the skill/workspace directories.

✓ Persistence & Privilege

Skill does not request permanent platform privileges (always:false). It only writes files under its own directories and a workspace path, and it does not modify other skills or global agent configuration. Autonomous invocation is permitted by default but nothing in the code attempts to self-enable or persist beyond local files.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install unified-invoice
After installation, invoke the skill by name or use /unified-invoice
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.1.0

Updated version

v1.0.0

- 최초 릴리즈. `invoice-gen`, `korean-invoice` 두 스킬을 통합한 올인원 견적/세금계산서/프리랜서 인보이스 생성기. - 한국형 견적서, 세금계산서(사업자등록번호, 부가세 10% 자동 계산), 프리랜서 인보이스(다국어, VAT, 원천징수) 지원. - 거래처/품목 DB 및 관리 기능 탑재, 내 정보 설정 가능. - HTML/PDF/Markdown 출력 및 맞춤 템플릿 기능 제공. - 자동 계산, 유효기간/납기일 관리, 메시지 및 외부 연동 지원.

Metadata

Slug unified-invoice

Version 1.1.0

License —

All-time Installs 1

Active Installs 1

Total Versions 2

Frequently Asked Questions

What is unified-invoice?

통합 견적서/세금계산서 생성기. 한국형 견적서(사업자등록번호, 부가세) + 프리랜서 인보이스(다국어, VAT). 거래처/품목 DB, PDF 출력, 자동 계산. It is an AI Agent Skill for Claude Code / OpenClaw, with 695 downloads so far.

How do I install unified-invoice?

Run "/install unified-invoice" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is unified-invoice free?

Yes, unified-invoice is completely free (open-source). You can download, install and use it at no cost.

Which platforms does unified-invoice support?

unified-invoice is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created unified-invoice?

It is built and maintained by mupengi-bot (@mupengi-bot); the current version is v1.1.0.

More Skills