Invoice Compliance
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill's code and runtime instructions mostly match its invoicing purpose, but there are clear inconsistencies around required tools, credentials, and external endpoints that you should resolve before trusting it with real invoices.
This skill appears to implement the invoice OCR, duplicate detection, and report generation it advertises, but there are important inconsistencies you should resolve before installing it or using it with real data:
1) It calls external CLIs (miaoda-studio-cli) and APIs (Feishu, the national tax site), but the skill metadata declares neither the required binaries nor any environment variables for tokens. Ask the vendor how tokens and app credentials are provided and stored.
2) Pro features transmit invoice fields to external services (Feishu, tax verification endpoints). Confirm exactly what is sent, where it goes, and whether the data is retained.
3) The skill documentation suggests scraping a government site and handling captchas; that approach may be fragile and could violate the site's terms of service. Clarify the recommended integration path (official API vs. scraping).
4) The changelog embeds an IP address and a purchase URL. Verify the vendor's identity and hosting, and ensure the skill does not phone home to unknown servers.
5) Before trusting it with sensitive invoices, run the scripts in an isolated environment, review (or instrument) all network calls, and require an explicit declaration of required binaries and secure secret handling.
If you cannot get satisfactory answers or a clear secure deployment guide, treat the Pro features (tax check / Feishu integration) as high-risk and avoid uploading production-sensitive invoices.
SkillSpector
SkillSpector findings are pending for this release.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings
