Bank Card Ocr
v1.0.6支持识别中国大陆银行卡,提取卡号、持卡人姓名(拼音/中文)、有效期及发卡行信息.
⭐ 0· 139·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (bank card OCR) match the implementation: the script posts a local image file to https://api.scnet.cn/api/llm/v1/ocr/recognize and extracts fields such as cardNumber, cardHolder and validThru. The single required env var (SCNET_API_KEY) is the expected credential for the remote OCR service.
Instruction Scope
Runtime instructions and the script require access to a user-provided local file path and will upload that image to the Scnet API — this is expected for OCR but implies transmission of sensitive data (card numbers, names). The SKILL.md explicitly warns about this. The skill does not attempt to read other system files or unrelated environment variables.
Install Mechanism
This is instruction-only with a small Python script and no install spec that downloads external code. Dependencies are limited to Python and the requests library; nothing is pulled from untrusted URLs during install.
Credentials
Only SCNET_API_KEY (and optional SCNET_API_BASE) are required. No unrelated credentials, high-privilege tokens, or config paths are requested. The script reads a local config/.env if present or recommends setting an environment variable; that is consistent with the declared requirements.
Persistence & Privilege
The skill is not always-enabled and does not modify other skills or system-wide settings. It runs on-demand and does not request persistent elevated privileges.
Assessment
This skill will upload any image path you give it to Scnet's OCR API, so only use it with images you are comfortable sending to that external service. Before installing: confirm you trust the Scnet domain (https://api.scnet.cn) and the vendor's privacy practices; avoid using real bank cards in production—use test data; store the SCNET_API_KEY securely (config/.env with 600 perms or an environment variable) and never paste the key in chat; rotate the API key if it may be exposed. If you need stronger assurance, verify the upstream repository/homepage and review TLS/ownership of scnet.cn. The package itself contains no unrelated credential access or hidden endpoints.Like a lobster shell, security has layers — review code before you run it.
latestvk97beg6ana17wd4hv8m9csjff984yzm6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.