InvoiceGen

Stop paying $15/month just to generate a PDF. Tell OpenClaw 'Bill Acme Corp for 10 hours of design work at $85/hr, net 30' and get a beautifully branded invo...

What to check before installing and using InvoiceGen: - Runtime requirements: The registry metadata lists no required binaries, but the code and README expect Python 3 and Playwright (plus a Chromium install via `playwright install chromium`). Install those intentionally — the package will not do that for you. - Local vs networked rendering: The PDF generator uses Playwright to load a local HTML file but Playwright can fetch remote resources referenced in the HTML (images, fonts, CSS). If a logo or template includes a remote URL, rendering may make network requests (which could reveal your IP or load content you didn't expect). Use local logo files in invoices/ or ensure remote resources are trusted. - Path & data safety: The skill enforces output paths within invoices/ and the SKILL.md prescribes sanitizing client-provided strings — follow those rules. Review how your assistant templates LOGO_PATH and client fields are populated to avoid accidental path traversal or remote URLs. - Sensitive data storage: Do not store raw bank account numbers, full tax IDs, or plaintext secrets in business-profile.json. The package itself advises restricting file permissions (chmod 600/700). Follow that guidance and consider using reference IDs or a secure secrets mechanism if you need to include payment details. - Optional dashboard: The dashboard notes discuss Supabase and encryption for production use. Those are optional and not implemented by the included scripts; only enable/ integrate those services if you understand the additional operational and security implications. - Review the code: The included Python script appears well-scoped (disables JS before rendering and enforces output path checks). Still, if you will run it on sensitive data, inspect the template generation code your assistant will produce (ensure it doesn't embed remote URLs or unsanitized HTML) and run in a controlled environment initially. If you want, I can: (a) list the exact commands to install the required runtime (Python + Playwright), (b) scan the templates for any occurrences of remote URLs, or (c) produce a short checklist to harden local usage (permissions, sandboxing, restricting logos to local files).

Type: OpenClaw Skill Name: normieclaw-invoicegen Version: 1.0.3 The InvoiceGen skill is a well-implemented tool for local invoice management and PDF generation. It demonstrates strong security awareness by implementing path traversal protections and disabling JavaScript execution during PDF rendering in `scripts/generate-invoice-pdf.py`. The instructions in `SKILL.md` and `SETUP-PROMPT.md` prioritize data isolation and proper file permissions (e.g., chmod 600/700), with no evidence of malicious intent, unauthorized network activity, or data exfiltration.