← 返回 Skills 市场
unified-invoice
作者
mupengi-bot
· GitHub ↗
· v1.1.0
695
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install unified-invoice
功能描述
통합 견적서/세금계산서 생성기. 한국형 견적서(사업자등록번호, 부가세) + 프리랜서 인보이스(다국어, VAT). 거래처/품목 DB, PDF 출력, 자동 계산.
安全使用建议
This skill appears coherent and implements a local invoice generator. Before installing: 1) Review data/my-info.json and remove any sensitive bank/account identifiers you don't want stored. 2) npm install will fetch puppeteer-core — run it in a controlled environment and ensure a compatible OpenClaw browser is running at http://localhost:18800 (SKILL.md notes this). 3) Note the scripts will create files under the skill directory and a workspace path (default $HOME/.openclaw/workspace) and write event JSON files; if you have policy concerns about file locations, set WORKSPACE/EVENTS_DIR explicitly. 4) If you require network isolation, ensure the local browser connection is permitted only to localhost. 5) If you want extra assurance, run the scripts in a sandbox and inspect their output files; there are no hidden remote endpoints or declared secret/env requirements beyond optional WORKSPACE/EVENTS_DIR and the local browser port.
功能分析
Type: OpenClaw Skill
Name: unified-invoice
Version: 1.1.0
The skill is classified as suspicious due to significant input sanitization vulnerabilities. The `scripts/freelance-run.sh` script directly embeds user-provided arguments (e.g., `--service`, `--client`) into a generated Markdown file without proper escaping, creating a prompt injection risk if an AI agent processes this Markdown. Similarly, the `scripts/generate.js` script inserts user-provided input (e.g., `options.notes`, `item.name`) directly into HTML templates without sanitization, leading to HTML injection/XSS vulnerabilities in the generated HTML/PDF documents. These flaws allow for potential attacks but do not show clear evidence of intentional malicious behavior like data exfiltration or unauthorized remote control.
能力评估
Purpose & Capability
Name/description (Korean invoices, freelance invoices, templates, client/item DB) align with included scripts, templates, and data files. package.json dependency (puppeteer-core) is appropriate for HTML→PDF conversion. CLI commands in SKILL.md correspond to scripts/generate.js, manage-clients.js, and manage-items.js.
Instruction Scope
Runtime instructions and code operate on local files (data/*.json, templates/, output/) and create an events JSON. generate.js uses puppeteer.connect to a local browser (http://localhost:18800) for PDF conversion. freelance-run.sh writes invoices and an event file under a workspace directory. These behaviors are within expected scope but the skill will write personal/business info (data/my-info.json) and invoice files to disk — review those files if they contain sensitive bank/account info.
Install Mechanism
There is no formal install spec in the registry metadata, but SKILL.md instructs running npm install; package.json declares puppeteer-core which is a standard dependency. This is reasonable, but npm install will fetch packages from the registry — run it in a trusted environment. No downloads from arbitrary URLs or extract steps are present.
Credentials
Registry lists no required env vars, but scripts accept/use WORKSPACE and EVENTS_DIR (freelance-run.sh) and the code expects a local browser at port 18800. Those are reasonable defaults but are not declared as required; users should be aware the skill will attempt to connect to localhost:18800 and will create files under $HOME/.openclaw/workspace (or $WORKSPACE). The skill stores bankAccount and other personal/business fields in data/my-info.json — sensitive data remains local but will be written to disk in the skill/workspace directories.
Persistence & Privilege
Skill does not request permanent platform privileges (always:false). It only writes files under its own directories and a workspace path, and it does not modify other skills or global agent configuration. Autonomous invocation is permitted by default but nothing in the code attempts to self-enable or persist beyond local files.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install unified-invoice - 安装完成后,直接呼叫该 Skill 的名称或使用
/unified-invoice触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Updated version
v1.0.0
- 최초 릴리즈. `invoice-gen`, `korean-invoice` 두 스킬을 통합한 올인원 견적/세금계산서/프리랜서 인보이스 생성기.
- 한국형 견적서, 세금계산서(사업자등록번호, 부가세 10% 자동 계산), 프리랜서 인보이스(다국어, VAT, 원천징수) 지원.
- 거래처/품목 DB 및 관리 기능 탑재, 내 정보 설정 가능.
- HTML/PDF/Markdown 출력 및 맞춤 템플릿 기능 제공.
- 자동 계산, 유효기간/납기일 관리, 메시지 및 외부 연동 지원.
元数据
常见问题
unified-invoice 是什么?
통합 견적서/세금계산서 생성기. 한국형 견적서(사업자등록번호, 부가세) + 프리랜서 인보이스(다국어, VAT). 거래처/품목 DB, PDF 출력, 자동 계산. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 695 次。
如何安装 unified-invoice?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install unified-invoice」即可一键安装,无需额外配置。
unified-invoice 是免费的吗?
是的,unified-invoice 完全免费(开源免费),可自由下载、安装和使用。
unified-invoice 支持哪些平台?
unified-invoice 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 unified-invoice?
由 mupengi-bot(@mupengi-bot)开发并维护,当前版本 v1.1.0。
推荐 Skills