Flight Itinerary Ocr
v1.0.5支持从航空运输电子客票行程单中提取旅客姓名、身份证号、航班号、起降地、起降时间、票价、燃油附加费、民航发展基金及电子客票号码等信息识别并提取出来
⭐ 0· 114·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to extract fields from airline electronic tickets and the code + docs implement a client that uploads a local file to Scnet's OCR endpoint and returns parsed JSON — this is coherent. One minor inconsistency: the top-level registry metadata provided to you earlier listed no required env vars, while SKILL.md and skill.yaml (and the code) require SCNET_API_KEY/SCNET_API_BASE. The API credential is appropriate for the stated purpose.
Instruction Scope
SKILL.md and scripts/main.py only reference the local file path to be OCR'd and a config/.env (or environment variable) for SCNET_API_KEY; they instruct uploading the file to https://api.scnet.cn/api/llm/v1/ocr/recognize. There are no instructions to read other system files, secrets, or to transmit data to unexpected endpoints. Error messages and retry logic are present but limited to the skill's scope.
Install Mechanism
There is no install spec that downloads arbitrary code; this is effectively an instruction + small Python script that depends on Python and requests. No external archives, URL shorteners, or unusual installers are used.
Credentials
The only required secret is SCNET_API_KEY (and optional SCNET_API_BASE). That is proportionate to a client that authenticates to an OCR API. Note again the inconsistency between the registry summary (which listed no required env vars) and the included SKILL.md/skill.yaml which do declare SCNET_API_KEY as primary_credential.
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges or persistently modify other skills or system-wide settings. It only reads a local config file (config/.env) and does normal network calls to the stated API endpoint.
Assessment
This skill is an OCR client that sends a local image file to Scnet's OCR API and requires a Scnet API key (SCNET_API_KEY). Before installing: 1) Expect to provide an API key — do not paste the key into chat; store it as an environment variable or in config/.env with permissions set (e.g., 600). 2) Be aware that images you send may contain sensitive PII (names, ID numbers, ticket numbers) and will be uploaded to https://api.scnet.cn — review Scnet's privacy/security policies and trustworthiness. 3) Note the small inconsistency: registry metadata earlier indicated no required env vars but the packaged files do require SCNET_API_KEY; treat the packaged files as authoritative. 4) If you need to audit network activity, confirm the endpoint and optionally test with non-sensitive images first. Overall the package appears coherent with its stated purpose, but only install/use it if you trust the external Scnet service.Like a lobster shell, security has layers — review code before you run it.
latestvk977x615tftzy02jtc3gvpp7zd84yqhf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.