ClawHub

Invoice Verification - 发票查验

v1.0.4

按发票代码、号码、日期、金额等查验发票真伪与详情。当用户说:帮我验一下这张增值税发票、这张票能不能报销查验?或类似发票查验时,使用本技能。

9· 388·0 current·0 all-time
by极速数据@jisuapi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and the Python script all implement invoice verification via JisuAPI. The required env var JISU_API_KEY and the external endpoints (api.jisuapi.com) align with the stated purpose; required binary python3 is reasonable.
Instruction Scope
Runtime instructions tell the agent to call the included script with a JSON payload and to set JISU_API_KEY. The script only reads the provided JSON and JISU_API_KEY and issues HTTPS requests to api.jisuapi.com; it does not read unrelated files, system credentials, or forward data to unexpected endpoints.
Install Mechanism
There is no install spec (instruction-only), which is low risk. However, the included Python script depends on the third‑party 'requests' package which is not declared in the metadata or install instructions — a functional/dependency mismatch (operational, not obviously malicious). Ensure the runtime has requests available or add an install step (pip install requests).
Credentials
Only a single API credential (JISU_API_KEY) is required and is the stated primary credential. No other secrets, config paths, or unrelated environment variables are requested.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide persistence. It does not modify other skills or system config. Autonomous invocation is allowed (platform default) but is not combined with other red flags.
Assessment
This skill appears to do what it claims: it calls JisuAPI to verify invoice details and only needs the JISU_API_KEY. Before installing, ensure you: 1) provide a valid JISU_API_KEY and do not share it publicly (the key grants queries to your JisuAPI account); 2) allow outbound HTTPS to api.jisuapi.com because the script makes network calls; 3) install the Python 'requests' package in the runtime (the script requires it but the skill metadata does not declare it); 4) review JisuAPI pricing/rate limits and data-retention policies (requests consume your quota and may include sensitive invoice data); and 5) if you have strict security policies, consider running the script in an isolated environment since it transmits invoice data to a third-party API. Overall the skill is internally coherent and not suspicious, aside from the undeclared dependency.

Like a lobster shell, security has layers — review code before you run it.

latestvk977b4swyzxsfk34r8a60fep0n845hen

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧾 Clawdis
Binspython3
EnvJISU_API_KEY
Primary envJISU_API_KEY

Comments