Train Ticket Ocr
v1.0.3支持从火车票中识别出发站、到达站、车次、座位号、票价、乘车日期、身份证号及售票点信息
⭐ 0· 115·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md, scripts/main.py and references/api-docs.md all consistently implement a train-ticket OCR client that uploads a local image and returns structured fields. The requested credential (SCNET_API_KEY) and optional SCNET_API_BASE align with the stated purpose.
Instruction Scope
Runtime instructions and the Python script read a local file path and POST the image to https://api.scnet.cn/api/llm/v1/ocr/recognize (default). This is expected for an OCR skill, but it means image data — potentially including names and ID numbers — is transmitted to a third-party service; users should confirm they trust the provider and its data-retention/privacy policies. Minor note: the example command references a .claude/skills/... path which may not match the packaged script location (scripts/main.py); this is a usability inconsistency rather than a security red flag.
Install Mechanism
No install spec; code is instruction-only plus a small Python script that uses the requests library. Nothing downloads or executes external code beyond normal HTTP requests. The only dependency is requests (pip), which is proportionate to the task.
Credentials
The skill requires a single service credential (SCNET_API_KEY) and an optional SCNET_API_BASE — appropriate for a cloud OCR integration. However, registry metadata at the top of the evaluation incorrectly listed 'Required env vars: none' while SKILL.md and skill.yaml declare SCNET_API_KEY as required; this metadata inconsistency should be resolved before trust decisions. The script reads a config/.env file under its own directory (no system-wide credentials accessed).
Persistence & Privilege
always:false and no code that modifies other skills or system-wide configuration. The skill runs on-demand and requires the agent to invoke the script; autonomous invocation is permitted (platform default) but not combined with any unusual privileges here.
Assessment
This skill implements a straightforward client that uploads local ticket images to Scnet's OCR API and returns structured JSON. Before installing or using it: 1) Confirm you trust https://api.scnet.cn and review its privacy/data-retention policy because images can contain sensitive personal data (names, ID numbers, ticket numbers). 2) Provide the SCNET_API_KEY only via a protected configuration method (environment variable or config/.env with 600 permissions) and avoid pasting the key into chat. 3) Verify the registry metadata vs. the skill files (the package claims no required env var in the registry summary but the skill actually requires SCNET_API_KEY). 4) Consider using a dedicated/limited API key and rotating it if the skill is no longer used. 5) Ensure the example invocation path matches your deployment (the README/example references a .claude path that may differ from the packaged scripts). If you need higher assurance, contact the skill author or use your own hosted OCR service instead.Like a lobster shell, security has layers — review code before you run it.
latestvk97868yb5j6sygr6cf5ed28y5s84z0bt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.