← Back to Skills Marketplace
642
Downloads
2
Stars
0
Active Installs
8
Versions
Install in OpenClaw
/install smartbill-invoicing
Description
Issue SmartBill invoices through the SmartBill.ro API with local automation. Use for SmartBill tasks such as validating invoice payloads, creating invoices,...
Usage Guidance
This skill appears to be what it says: a local Python CLI for SmartBill. Before installing or running it: 1) Only provide SMARTBILL_USERNAME/TOKEN to skills you trust; the source/homepage is unknown so verify the script contents yourself. 2) Use --dry-run to inspect normalized payloads and require explicit confirmation before issuing final invoices. 3) Do not enable SMARTBILL_DEBUG in production — it can log request/response bodies (sensitive). 4) When downloading PDFs, ensure --output is a safe path under your intended directory and that the script actually enforces no ../ traversal (review the script to confirm). 5) Prefer using short-lived or limited-scope tokens if SmartBill supports them. If you need higher assurance, ask the publisher for a verified source or code provenance (repo, release tags) before handing over real credentials.
Capability Analysis
Type: OpenClaw Skill
Name: smartbill-invoicing
Version: 1.0.9
The skill bundle is benign. The `scripts/smartbill_cli.py` implements robust security controls, notably the `_safe_output_path` function, which strictly validates PDF output paths to prevent arbitrary file writes and path traversal by ensuring paths end in `.pdf` and resolve within OpenClaw-allowed media roots or the current working directory. Furthermore, the `SKILL.md` and `agents/openai.yaml` instructions explicitly guide the AI agent towards secure practices, such as requiring `--allow-final` for issuing final invoices and reinforcing the output path restrictions, demonstrating a clear intent to prevent misuse rather than facilitate it.
Capability Assessment
Purpose & Capability
Name/description (SmartBill invoices) match the required binaries (python3), declared env vars (SMARTBILL_USERNAME, SMARTBILL_TOKEN, SMARTBILL_COMPANY_VAT_CODE) and the included CLI script. There are no unrelated credentials, binaries, or install steps that don't belong to an API client for SmartBill. Note: the skill's source/homepage is unknown which reduces provenance but does not create an internal inconsistency.
Instruction Scope
SKILL.md instructs the agent to run the included Python CLI for validation, dry-run, create, list series, and download PDFs — all within the invoicing scope. The doc warns about debug logging and output path restrictions. One operational caution: the CLI can print full request/response bodies to stderr when SMARTBILL_DEBUG is enabled (potentially exposing sensitive data), and the SKILL.md relies on an environment/platform-level restriction that output paths must stay within allowed media roots — verify the script actually enforces safe output path resolution to avoid path-traversal or writing files outside the intended directory.
Install Mechanism
No install spec; the skill is instruction-only with a bundled Python script. This is low-risk compared to remote downloads or package installs. The script uses only stdlib modules (urllib, json, base64), which is proportionate to an API client.
Credentials
Required env vars are limited to SmartBill credentials and a company VAT code; SMARTBILL_TOKEN is the primary credential. No unrelated secret variables are requested. The presence of SMARTBILL_DEBUG (optional) can cause sensitive request/response data to be logged to stderr — the SKILL.md documents this but users should avoid enabling it in production.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide config or persistent privileges. It does write downloaded PDFs to disk (per user-supplied --output), which is appropriate for a CLI tool but should be constrained to safe paths (see instruction_scope note). Autonomous invocation is allowed by default but is normal for skills and not by itself a concern here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install smartbill-invoicing - After installation, invoke the skill by name or use
/smartbill-invoicing - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.9
- Changed the file path rules for `download-invoice-pdf`: `--output` now accepts both absolute and relative paths, as long as they end in `.pdf`.
- Clarified that relative output paths are resolved against the current working directory, and output must be within an allowed media root or working directory.
- Removed the previous restriction on absolute paths and `../` traversals when specifying output PDF location.
v1.0.8
No changes detected in this version.
- No new features, bugfixes, or documentation updates were introduced.
- Functionality and documentation remain identical to the previous version.
v1.0.7
- Enforced stricter rules for the `--output` path of `download-invoice-pdf`: it must be a relative `.pdf` path under the current working directory; absolute paths and directory traversals are now rejected.
- Updated documentation to clarify correct usage and constraints for invoice PDF downloads.
v1.0.6
- Clarified that SmartBill invoice numbers returned are zero-padded strings (e.g., "0123") and must be preserved exactly as received.
- Updated download and logging instructions to emphasize not stripping leading zeros or converting invoice numbers to integers.
- Added inline reminders and examples regarding correct handling of the invoice number in operational documentation.
v1.0.5
Version 1.0.5 of smartbill-invoicing
- No code or documentation changes detected in this release.
- All functionality, environment settings, and operational instructions remain the same as in the previous version.
v1.0.4
- Added support for SMARTBILL_DEBUG environment variable to enable request/response debug logging.
- Updated documentation to describe --debug CLI flag and how to enable detailed logging to stderr.
- No functional changes to core invoice operations.
v1.0.3
- Added metadata section specifying required environment variables and dependencies (`python3`) for automation.
- Declared `SMARTBILL_TOKEN` as the primary environment variable for the skill.
- No changes to code or functionality. Documentation now better informs automation platforms about required setup.
v1.0.2
Initial release of the SmartBill Invoicing skill:
- Enables issuing SmartBill invoices via the SmartBill.ro API with local automation.
- Provides CLI commands for validating invoice payloads, dry-run normalization, creating invoices, querying available document series, and downloading invoice PDFs.
- Supports both bare and wrapped invoice payload formats.
- Includes operational safeguards: requires explicit confirmation for final invoices and encourages use of dry-run validation.
- Offers extensive documentation and reference templates for reliable integration.
Metadata
Frequently Asked Questions
What is SmartBill Invoicing?
Issue SmartBill invoices through the SmartBill.ro API with local automation. Use for SmartBill tasks such as validating invoice payloads, creating invoices,... It is an AI Agent Skill for Claude Code / OpenClaw, with 642 downloads so far.
How do I install SmartBill Invoicing?
Run "/install smartbill-invoicing" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is SmartBill Invoicing free?
Yes, SmartBill Invoicing is completely free (open-source). You can download, install and use it at no cost.
Which platforms does SmartBill Invoicing support?
SmartBill Invoicing is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created SmartBill Invoicing?
It is built and maintained by Maverick (@maverick-ai-tech); the current version is v1.0.9.
More Skills