发票识别
v1.0.0发票 OCR 识别技能。扫描文件夹中的发票文件(PDF/图片),调用阿里云 OCR API 识别发票信息并导出到 Excel 表格。支持 17+ 种发票类型(增值税发票、火车票、出租车票、机票行程单、定额发票、机动车销售发票、过路过桥费发票等)。使用场景:(1) 用户提到"发票识别"、"发票统计"、"发票整理"、...
⭐ 0· 115·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md, aliyun-ocr-api.md and the Python script all align: the skill scans invoice files, calls the Aliyun OCR endpoint, parses results and exports to Excel. The single external endpoint (ocr-api.cn-hangzhou.aliyuncs.com) matches the described purpose.
Instruction Scope
Runtime instructions are narrowly scoped to asking the user for Aliyun AccessKey ID/Secret (or guiding them to run --config), scanning a user-provided folder, calling Aliyun OCR, and exporting results. The skill does not instruct reading unrelated system files or contacting other endpoints. Note: it asks the agent to actively request secrets from the user, which is necessary for operation but sensitive.
Install Mechanism
No install spec; only a pip dependency (openpyxl) is recommended. The skill is instruction + single Python script; nothing is downloaded from arbitrary URLs. This is proportionate for the described functionality.
Credentials
The skill requests no environment variables but requires Aliyun AccessKey ID and Secret to operate. Those credentials are collected via interactive prompt or by running --config and are saved to a local config.json under the skill directory in plaintext. Saving secrets unencrypted to disk is a practical but sensitive choice—it's proportionate to the task but requires caution (prefer RAM subaccount, minimal permissions, and local key management).
Persistence & Privilege
always:false and no special privileges. The script writes its own config.json inside the skill directory and writes output Excel files—expected behavior. It does not modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: it will read invoice files you point it at, upload image/PDF bytes to Aliyun's OCR API, parse the response, and write an Excel file. Before installing or running it: (1) understand it will ask for and store your Aliyun AccessKey ID and Secret in config.json (plaintext) — avoid using root account keys; create a RAM sub-account with minimal AliyunOCR permissions and use those keys only; (2) invoices contain sensitive financial data — recognize that image bytes will be sent to Aliyun (cloud) and you may incur API charges; (3) review the script if you need to confirm no additional endpoints/behaviour; (4) consider running on a copy of invoice files and rotating keys after use. If you are uncomfortable storing credentials in plaintext, modify the script to use environment variables or a secure secrets store before use.Like a lobster shell, security has layers — review code before you run it.
latestvk97fc9xjnpvjmvbb6zx2rex85h83m4tj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.