Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

invoice-qr-scanner

v1.0.0

Scan QR codes from invoice receipts and automatically fill electronic invoice applications. Use when user asks to scan QR codes from images, complete electro...

0 stars · 392 downloads · 0 current · 0 all-time
by Evan Chen (@chenzhuowen)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for chenzhuowen/invoice-qr-scanner.

Prompt Preview: Install & Setup
Install the skill "invoice-qr-scanner" (chenzhuowen/invoice-qr-scanner) from ClawHub.
Skill page: https://clawhub.ai/chenzhuowen/invoice-qr-scanner
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install chenzhuowen/invoice-qr-scanner

ClawHub CLI


npx clawhub@latest install invoice-qr-scanner
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill name/description (scan invoice QR and fill invoice forms) matches the included QR decoding script and the stated use of MEMORY.md for company/contact info. However, the SKILL.md references browser automation and live form submission but does not declare or include any browser-automation implementation, dependencies, or explicit user-consent steps—this omission is a gap between claimed capability and what's provided.
Instruction Scope
Instructions tell the agent to: decode a QR to a URL, open that URL in browser automation, read sensitive company/contact data from memory files (MEMORY.md, memory/YYYY-MM-DD.md), fill and submit forms, take snapshots, and update memory. These actions involve reading and transmitting sensitive data (tax ID, bank account, phone, emails) to external endpoints discovered from QR codes. The SKILL.md says to 'Always verify' the URL but does not mandate user confirmation or domain whitelisting before submission, nor does it specify how snapshots and memory updates are stored or protected.
Install Mechanism
There is no install spec (instruction-only skill) which reduces some risk. The repository includes Node.js script and package.json that instructs npm install of qrcode-reader and canvas; canvas has native system dependencies (libcairo, etc.) noted in README. No remote downloads from untrusted URLs are present. Overall install risk is low-to-moderate but the skill assumes availability of browser automation without providing it.
Credentials
The skill requests no environment variables or external credentials, which is good, but it explicitly reads local memory files containing highly sensitive company information (tax ID, bank account numbers, phone numbers, emails) and will transmit them to whatever URL the QR code contains. That is a high-sensitivity operation without declared safeguards; the lack of requested credentials is not sufficient protection because the skill still exfiltrates secrets via the web forms it auto-submits to.
Persistence & Privilege
always:false and default autonomous invocation are set. Autonomous invocation combined with this skill's ability to read memory and submit external forms raises the blast radius if the agent runs without explicit user confirmation. The skill also instructs updating memory files, which is reasonable for its purpose but not documented how writes are controlled or consented to.
What to consider before installing
This skill does what it claims (decodes QR codes and attempts to fill invoice forms), but it will read sensitive company data from your agent memory and submit it to whatever URL is encoded in the QR. Before installing: 1) require that the agent always prompt you for confirmation (and show the decoded URL) before opening or submitting to the site; 2) prefer a domain whitelist or manual-approval step for target URLs; 3) verify where snapshots and updated MEMORY.md entries are stored and who can access them; 4) test the scan-qr.js locally to confirm QR output; 5) ensure browser automation runs in a sandboxed environment and that sensitive fields are not auto-submitted without explicit consent. If the author can provide an explicit browser-automation implementation, a forced confirmation step, or domain whitelisting, reassess — those mitigations would reduce the current concerns.


latest: vk97c8cznwdd682x81p5pay0xwn8264pq
392 downloads
0 stars
1 version
Updated 21h ago
v1.0.0
MIT-0

Invoice QR Scanner

Overview

This skill enables automatic electronic invoice application by scanning QR codes from receipt images and filling out online invoice forms. It handles the complete workflow from QR code detection to invoice submission.

Workflow

Step 1: QR Code Recognition

When a user provides an invoice receipt image containing a QR code:

  1. Run the QR code recognition script:
    node scan-qr.js <image-path>
    
  2. The script outputs the decoded QR code URL
  3. If recognition fails, ask user to provide the URL directly

Step 2: Navigate to Invoice System

  1. Show the user the decoded URL and, once they confirm it points at the expected invoice provider, open it in browser automation
  2. Verify the page loads successfully
  3. Take snapshot to understand form structure

Step 3: Retrieve Company Information

Before filling the form, retrieve the user's company information:

  1. Check memory files for stored invoice header information:
    • Search memory/YYYY-MM-DD.md for recent invoice info
    • Check MEMORY.md for long-term stored details
  2. Required fields typically include:
    • Company name (公司名称)
    • Tax ID/Unified Social Credit Code (税号)
    • Address (地址)
    • Phone number (电话)
    • Bank name (开户行)
    • Bank account number (银行账号)

Step 4: Fill Invoice Form

  1. Analyze the form structure using browser snapshot
  2. Fill in company information fields
  3. Fill in recipient information:
    • Phone number (手机号)
    • Email address (邮箱)
  4. Verify all required fields are completed

Step 5: Review and Submit

  1. Show the user the filled values and the target URL, then submit the form only after they confirm
  2. Review confirmation page
  3. Verify all information is correct
  4. Report results to user

Error Handling

QR Code Not Recognized

If QR code recognition fails:

  1. Ask user to provide the URL directly
  2. Suggest using phone to scan and share the URL

Form Structure Changes

If the invoice system form structure changes:

  1. Take a new snapshot
  2. Identify updated field references
  3. Adapt the filling process accordingly
  4. Document the new structure for future reference

Missing Information

If required company or contact information is missing:

  1. Ask user to provide the missing details
  2. Update memory files with new information
  3. Continue with the invoice application

Scripts

scan-qr.js

Primary script for QR code recognition from images using Node.js and qrcode-reader library.

Usage:

node scan-qr.js <image-path>

Requirements:

  • Node.js environment (v14+)
  • npm packages: qrcode-reader, canvas

Installation:

cd scripts
npm install qrcode-reader canvas

Output:

  • Decoded QR code URL on success (format: "✅ 识别成功: <url>")
  • Error message on failure (format: "❌ 错误: <error message>")

Technology:

  • Uses qrcode-reader library for QR code decoding
  • Canvas for image processing
  • Pure JavaScript implementation (no Worker required)

Memory Integration

This skill relies on stored user information in memory files:

Company Invoice Header Information (stored in MEMORY.md):

  • Company name
  • Tax ID
  • Address
  • Phone number
  • Bank information

Contact Information (stored in MEMORY.md):

  • Mobile phone numbers
  • Email addresses

When filling forms, always reference this information first before asking the user.

Best Practices

  1. Always verify the decoded URL is legitimate before proceeding: show it to the user, confirm the domain belongs to the expected invoice provider, and never submit company or bank details to a URL the user has not approved
  2. Double-check all information before submission
  3. Take snapshots at each step for documentation
  4. Report results clearly to the user after submission
  5. Update memory with new information if user provides corrections
  6. Use auto-complete when available (more accurate than manual input)
