← Back to Skills Marketplace

Invoice Generator Pro

Name: Invoice Generator Pro
Author: claudiodrusus

by claudiodrusus · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

587

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install shelly-invoice-generator

Description

Generate professional invoices in Markdown or HTML by specifying client, items, tax, currency, dates, and output format.

Usage Guidance

This skill is internally coherent and appears safe for routine use, but consider the following before installing or running it: - Dependency: The script uses the 'bc' command for math but the skill metadata doesn't declare it. Ensure 'bc' is present on your system or the script will fail. - Output overwrite: If you pass --output <path>, the script will overwrite that file without further confirmation. Avoid writing to sensitive locations. - Unescaped user input in HTML: Fields like description, client name, and email are inserted verbatim into template.html (no escaping). If you render generated HTML in a browser and include untrusted input, that could produce unwanted HTML injection. Sanitize user-provided fields when accepting them from untrusted sources. - Safe usage: Review the shipped script and template (they're short and readable). If you plan to run this in an automated or multi-user environment, add input validation/sanitization and run with least privileges. If you want higher assurance, ask the maintainer to (1) list 'bc' as a required binary in the metadata, (2) document any assumptions about file paths, and (3) optionally escape HTML when producing the HTML output.

Capability Analysis

Type: OpenClaw Skill Name: shelly-invoice-generator Version: 1.0.0 The skill is classified as suspicious due to multiple critical vulnerabilities in `generate-invoice.sh`. User-supplied values for `--item` (specifically 'Qty' and 'Rate') and `--tax` are directly passed to the `bc` command without sanitization, creating a severe shell injection vulnerability that could lead to arbitrary code execution. Furthermore, the `--output` parameter allows writing the generated invoice to an arbitrary file path, posing an arbitrary file write risk. Finally, user inputs are directly inserted into the HTML and Markdown outputs without proper sanitization, leading to potential HTML/Markdown injection (XSS) if the output is rendered.

Capability Assessment

ℹ Purpose & Capability

Name/description match the included files. The bash script, HTML template, and examples all align with 'invoice generation'. Minor mismatch: the script relies on the 'bc' utility for arithmetic but the skill metadata and SKILL.md declare no required binaries.

✓ Instruction Scope

SKILL.md instructs the agent to run the included generate-invoice.sh with CLI args. The script only reads its companion template.html, processes CLI inputs, and writes output to stdout or a specified file — it does not access unrelated system files, environment variables, or external network endpoints.

✓ Install Mechanism

No install spec (instruction-only plus shipped script/template) — nothing is downloaded or installed. This is the lowest-risk install pattern.

✓ Credentials

No environment variables, secrets, or external credentials are requested. The requested capabilities are proportional to an invoice generator.

✓ Persistence & Privilege

The skill does not request always:true, does not modify other skills or global agent settings, and does not require persistent system presence.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install shelly-invoice-generator
After installation, invoke the skill by name or use /shelly-invoice-generator
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

- Initial release of Invoice Generator. - Generate professional invoices in Markdown or HTML with simple command-line inputs. - Support for multiple items, custom tax rate, currency, and invoice numbering. - Output invoices to stdout or save as a file. - HTML output uses a print-ready template; Markdown uses clean tables.

Metadata

Slug shelly-invoice-generator

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Invoice Generator Pro?

Generate professional invoices in Markdown or HTML by specifying client, items, tax, currency, dates, and output format. It is an AI Agent Skill for Claude Code / OpenClaw, with 587 downloads so far.

How do I install Invoice Generator Pro?

Run "/install shelly-invoice-generator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Invoice Generator Pro free?

Yes, Invoice Generator Pro is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Invoice Generator Pro support?

Invoice Generator Pro is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Invoice Generator Pro?

It is built and maintained by claudiodrusus (@claudiodrusus); the current version is v1.0.0.

More Skills