mintannn

Invoice Collector

Author: minta · GitHub · v1.2.0
cross-platform ⚠ suspicious
Total downloads: 800
Favorites: 2
Current installs: 1
Versions: 3
Install in OpenClaw
/install invoice-collector
Description
Collect invoices/receipts from Gmail and send a summary email with attachments. Automatically downloads PDF attachments or takes screenshots of emails withou...
Usage instructions (SKILL.md)

Invoice Collector

Collect invoices from Gmail and send them as a summary email with all attachments.

Security Considerations

Puppeteer --no-sandbox Flag

This skill uses --no-sandbox when launching Puppeteer/Chromium. This is required in many environments:

  • WSL (Windows Subsystem for Linux): Chrome sandbox requires kernel features not available in WSL1/WSL2
  • Docker containers: Unless running with --privileged or specific seccomp profiles
  • CI/CD environments: Most runners don't support Chrome's sandbox

Risk: Disabling the sandbox means if a malicious HTML email were rendered, it could potentially execute code outside the browser context.

Mitigation: This skill only renders emails from your own Gmail inbox. The risk is limited to emails you've already received. If you're concerned, review emails before processing or run in an isolated environment.

Installation via curl | tar

The gogcli installation example uses curl -sL ... | tar xz, which is a common pattern but carries supply chain risks if the source were compromised.

Safer alternative (verify checksum):

# Download and verify
curl -sLO https://github.com/steipete/gogcli/releases/latest/download/gogcli_linux_amd64.tar.gz
curl -sLO https://github.com/steipete/gogcli/releases/latest/download/checksums.txt
sha256sum -c checksums.txt --ignore-missing
tar xzf gogcli_linux_amd64.tar.gz
mv gog ~/.local/bin/

macOS users: Use brew install steipete/tap/gogcli which handles verification automatically.


Prerequisites & Setup

1. Install gogcli

# Linux (download binary)
curl -sL https://github.com/steipete/gogcli/releases/latest/download/gogcli_linux_amd64.tar.gz | tar xz
mv gog ~/.local/bin/

# macOS
brew install steipete/tap/gogcli

2. Setup Google OAuth

  1. Go to Google Cloud Console
  2. Create project → Enable Gmail API
  3. Create OAuth credentials (Desktop app)
  4. Download JSON

gog auth credentials ~/path/to/client_secret.json
gog auth add [email protected]

3. Install Puppeteer (for email screenshots)

cd /tmp && npm install puppeteer

4. Install Japanese fonts (optional, for JP emails)

sudo apt install fonts-noto-cjk

Usage

Generic Invoice Search

Search for any invoice/receipt without specifying specific senders:

export GOG_ACCOUNT="[email protected]"
export GOG_KEYRING_PASSWORD="your-password"

# Search all invoices in date range
gog gmail search '(invoice OR receipt OR 請求書 OR 領収書 OR billing OR payment) after:2026/01/01 before:2026/02/01'

# Search with specific criteria
gog gmail search 'subject:(invoice OR receipt) has:attachment after:2026/01/01'

Workflow

  1. Search - Find invoice emails
  2. Download - Get PDFs or screenshot emails
  3. Summarize - Create summary with amounts
  4. Send - Email to destination with attachments

Step 1: Search Invoices

# All invoices from last month
LAST_MONTH=$(date -d "1 month ago" +%Y/%m/01)
THIS_MONTH=$(date +%Y/%m/01)
gog gmail search "(invoice OR receipt OR 請求書 OR 領収書) after:$LAST_MONTH before:$THIS_MONTH" --json

Step 2: Process Each Email

mkdir -p /tmp/invoices

For emails WITH PDF attachments:

# Get message details
MSG_ID="<message_id_here>"
EMAIL_JSON=$(gog gmail read "$MSG_ID" --json)

# Find PDF attachment
ATTACH_INFO=$(echo "$EMAIL_JSON" | jq -r '.thread.messages[0].payload.parts[]? | select(.filename | test("\\.pdf$"; "i")) | "\(.body.attachmentId)|\(.filename)"' | head -1)
ATTACH_ID=$(echo "$ATTACH_INFO" | cut -d'|' -f1)
# The filename is chosen by the sender: keep only its last path component
FILENAME=$(basename -- "$(echo "$ATTACH_INFO" | cut -d'|' -f2-)")

# Download
gog gmail attachment "$MSG_ID" "$ATTACH_ID" --out "/tmp/invoices/$FILENAME"

For emails WITHOUT PDF (take screenshot):

MSG_ID="<message_id_here>"

# Extract HTML
gog gmail read "$MSG_ID" --json | node -e "
const fs = require('fs');
let data = '';
process.stdin.on('data', chunk => data += chunk);
process.stdin.on('end', () => {
  const json = JSON.parse(data);
  const msg = json.thread.messages[0];
  let html = '';
  const findHtml = (p) => {
    if (p.mimeType === 'text/html' && p.body?.data) {
      html = Buffer.from(p.body.data, 'base64').toString('utf-8');
    }
    if (p.parts) p.parts.forEach(findHtml);
  };
  (msg.payload.parts || []).forEach(findHtml);
  if (!html && msg.payload.body?.data) {
    html = Buffer.from(msg.payload.body.data, 'base64').toString('utf-8');
  }
  fs.writeFileSync('/tmp/invoices/email.html', html || '<html><body>No content</body></html>');
});
"

# Screenshot
node -e "
const puppeteer = require('puppeteer');
const fs = require('fs');
(async () => {
  const browser = await puppeteer.launch({ headless: 'new', args: ['--no-sandbox'] });
  const page = await browser.newPage();
  await page.setViewport({ width: 800, height: 1200 });
  await page.setContent(fs.readFileSync('/tmp/invoices/email.html', 'utf-8'), { waitUntil: 'networkidle0' });
  await page.screenshot({ path: '/tmp/invoices/receipt.png', fullPage: true });
  await browser.close();
})();
"

Step 3: Extract Invoice Info

Parse email for sender, date, amount:

# Get basic info from email
gog gmail read "$MSG_ID" --json | jq '{
  from: .thread.messages[0].payload.headers[] | select(.name=="From") | .value,
  subject: .thread.messages[0].payload.headers[] | select(.name=="Subject") | .value,
  date: .thread.messages[0].payload.headers[] | select(.name=="Date") | .value
}'

Step 4: Send Summary Email

gog gmail send \
  --to "[email protected]" \
  --subject "【$(date +%Y年%m月)】請求書まとめ" \
  --body "請求書・領収書を添付します。

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
📊 請求書まとめ
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

【添付ファイル】
1. Invoice-001.pdf - Service A
2. Receipt.png - Service B (メールスクショ)

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

このメールは自動生成されました。
" \
  --attach /tmp/invoices/Invoice-001.pdf \
  --attach /tmp/invoices/Receipt.png

Example Prompts

Generic:

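  • "Collect all of last month's invoices and send them together"
  • "Search for invoice and forward the invoices that arrived this month to [email protected]"
  • "Search with has:attachment receipt and collect the invoices"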

Specific:

  • "Collect the invoices from Anthropic, Vercel and AWS"
  • "Gather the past 3 months of invoices matching from:stripe"

Tips

  • Date format: YYYY/MM/DD for gog search
  • PDF priority: Always prefer PDF attachments over screenshots
  • Japanese fonts: Required for correct rendering of JP emails
  • Cleanup: rm -rf /tmp/invoices after sending
  • Cron: Set up monthly cron job for recurring collection
Safe usage recommendations
This skill appears to do what it claims, but take these precautions before installing or running it:

  • Gmail access is required: the skill uses gogcli OAuth tokens to read/send your mail. Only grant this to an account you trust and understand the scope (read and send). Treat those tokens as highly sensitive.
  • Avoid exporting passwords on the command line. SKILL.md suggests exporting GOG_KEYRING_PASSWORD; doing that writes secrets into shell history. Prefer using a config file or secure keyring prompts instead.
  • Puppeteer runs Chromium with --no-sandbox (documented). Rendering arbitrary email HTML without a sandbox increases risk; run this in an isolated environment (dedicated VM/container) if you process untrusted senders.
  • Verify gogcli install sources: the examples use GitHub releases (common), but do not pipe unverified archives blindly; follow the SKILL.md guidance to verify checksums or use your OS package manager.
  • Inspect the included script (scripts/collect_invoices.sh) and test on a limited mailbox subset before running broadly. Confirm the destination email address in the config to avoid accidental data leakage.

If you want higher assurance, ask the maintainer for (1) a declared list of required environment variables in the registry metadata to match SKILL.md, (2) a verified install method (checksums or package manager), and (3) an option that avoids sending keyring passwords via env variables.
Functional analysis
Type: OpenClaw Skill
Name: invoice-collector
Version: 1.2.0

The skill is classified as suspicious due to the explicit use of Puppeteer with the `--no-sandbox` flag in both the `SKILL.md` instructions and the `scripts/collect_invoices.sh` script. While acknowledged in the documentation as a compatibility requirement, this flag introduces a significant Remote Code Execution (RCE) vulnerability if a malicious HTML email is processed. Additionally, the `SKILL.md` recommends installing `gogcli` via `curl | tar`, which is a supply chain risk, although it also provides a safer alternative. There is no evidence of intentional malicious behavior like data exfiltration to external endpoints, unauthorized persistence, or prompt injection attempts against the agent, but the RCE risk is substantial.
Capability assessment
Purpose & Capability
The name/description (collect invoices from Gmail, summarize, forward attachments) lines up with the included script and SKILL.md: it requires gogcli for Gmail access, jq for JSON parsing, and node/puppeteer for HTML screenshots. The resources requested are broadly appropriate for the stated purpose.
Instruction Scope
Instructions and the script operate directly on the user's Gmail account (search, read message bodies, download attachments, render HTML, and send email). This is expected for an invoice-gathering tool. The SKILL.md explicitly instructs rendering HTML via Puppeteer (with --no-sandbox) and exporting keyring passwords for gog, which increases operational risk and should be treated carefully.
Install Mechanism
The skill is instruction-only (no platform install spec), but SKILL.md recommends installing gogcli via a curl | tar pipeline and installing puppeteer via npm. The GitHub releases URL is a common source (better than an unknown host), but piping into tar and npm-installing Puppeteer (which downloads Chromium) carry supply-chain and local-execution risks unless checksums or package manager installs are used. The SKILL.md itself recommends verifying checksums or using brew on macOS.
Credentials
Registry metadata listed no required env vars, but SKILL.md documents GOG_ACCOUNT and GOG_KEYRING_PASSWORD; the script also expects a config.json with account/destination fields. The skill requires OAuth credentials (Gmail access) via gogcli — a sensitive capability. Asking users to export GOG_KEYRING_PASSWORD on the shell can expose secrets via shell history. The number and type of credentials are proportionate to the function, but the metadata mismatch and advice to export a keyring password are concerns.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system-wide privileges. It runs as a user process, uses temporary directories under /tmp (unique name), and deletes them at the end. It does not modify other skills or system-wide agent config.
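How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install invoice-collector
  3. After installation, invoke the Skill by name or trigger it with /invoice-collector
  4. Provide the necessary input according to the Skill's parameter description to get structured output
Version history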
v1.2.0
Added Security Considerations section explaining --no-sandbox requirement and safer installation alternatives
v1.1.0
Added missing runtime requirements (node, jq, puppeteer) and environment variables to metadata
v1.0.0
Initial release of invoice-collector.
  • Collects invoices/receipts from Gmail and sends a summary email with attachments.
  • Automatically downloads PDF attachments or generates screenshots if no PDF is present.
  • Requires gogcli (gog) and Gmail API access to function.
  • Includes setup instructions for gogcli, Google OAuth, Puppeteer, and optional Japanese fonts.
  • Step-by-step workflow: search, download, summarize, and send invoices.
  • Provides example prompts and advanced usage tips.
Metadata
Slug invoice-collector
Version 1.2.0
License
Total installs 1
Current installs 1
Historical versions 3
FAQ

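What is Invoice Collector?

Collect invoices/receipts from Gmail and send a summary email with attachments. Automatically downloads PDF attachments or takes screenshots of emails withou... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 800 total downloads so far.

How do I install Invoice Collector?

Run the command "/install invoice-collector" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.

Is Invoice Collector free?

Yes, Invoice Collector is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Invoice Collector support?

Invoice Collector runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Invoice Collector?

Developed and maintained by minta (@mintannn); the current version is v1.2.0.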
