Shwuyeyanjiu
v1.0.0上海物业招标公告研究工具。从上海住宅物业网(962121.fgj.sh.gov.cn)获取招标公告、中标公告、评标结果公告,使用 OCR 提取项目信息(项目面积、物业费标准、停车位数量、停车管理费等),并计算饱和收入。**当以下情况时使用此 Skill**:(1) 用户要求查找某个项目的物业中标信息;(2) 用户...
⭐ 0· 55·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match what the code and SKILL.md do: both scrape the listed Shanghai government site (962121.fgj.sh.gov.cn), download PDFs, run OCR and extract numeric fields to compute 'saturation' revenue. Declared Python dependencies (requests, beautifulsoup4, pdf2image, pytesseract, python-dateutil) are appropriate for that purpose; no unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md and the scripts instruct the agent to crawl the target site, download PDF files, run OCR (pdf2image + pytesseract), and parse results. This stays within the stated scope. Items worth noting: (1) the workflow can download and OCR many PDFs (bulk network + CPU/io); (2) scripts use /tmp for downloads and at least one script writes to a hardcoded user path (/Users/yujunwang/.openclaw/workspace/...), which is unexpected and should be adjusted before running; (3) SKILL.md expects system dependency poppler (not installed by the skill) and OCR accuracy requires manual verification. No instructions request unrelated local files or environment secrets.
Install Mechanism
There is no install spec — it's instruction- and script-based. The package.json lists reasonable Python package dependencies; no remote arbitrary downloads or URL-based installers are invoked by the skill itself. The only higher-risk external dependency is the system package 'poppler' (required by pdf2image), which SKILL.md documents but is a normal native dependency for OCR.
Credentials
The skill requires no environment variables, secrets, or credentials. It performs network requests to the stated public government site only. The only surprising environment-like behavior is file writes to /tmp and an unexpected hardcoded path under a specific user home; these grant the skill filesystem persistence of downloaded PDFs and CSV outputs but do not involve unrelated credentials.
Persistence & Privilege
always:false and no special privileges requested. The skill writes files (PDFs, CSVs) to disk (mostly /tmp; some scripts use a hardcoded home path). That is normal for this workload but means it will leave downloaded files and OCR outputs on the host if executed. There is no modification of other skills or system-wide configs.
Assessment
This skill appears coherent with its description — it scrapes the listed Shanghai government site, downloads PDFs, and OCRs them locally. Before installing or running: 1) Review and (if needed) change hardcoded file paths (scripts write to /tmp and a hardcoded /Users/… path) to avoid unexpected writes. 2) Ensure you have poppler and tesseract installed locally (pdf2image/pytesseract require native dependencies). 3) Be prepared for bulk downloads and CPU-heavy OCR when running batch scripts; limit page ranges or test with a single project first. 4) Confirm scraping the target site complies with its terms of use. 5) Inspect the included scripts yourself (they are plain Python) if you have low trust, and run them in an isolated environment (container/VM) if you want to limit side effects.Like a lobster shell, security has layers — review code before you run it.
latestvk978p095pc78fn3rj5atkewx6x84draa
License
MIT-0
Free to use, modify, and redistribute. No attribution required.