ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

poocr vatinvoice2excel

使用 poocr 库识别发票并导出 Excel。当用户需要识别增值税发票、批量处理发票文件或提取发票信息到 Excel 时调用此技能。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 16 · 0 current installs · 0 all-time installs
by程序员晚枫@CoderWanFeng
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md clearly relies on the poocr library and Tencent Cloud SecretId/SecretKey to perform VAT invoice OCR and export to Excel, which fits the claimed purpose. However, the skill metadata lists no required environment variables or primary credential, and the source/homepage are unknown — the declared requirements do not match what the instructions actually need.
Instruction Scope
Instructions stay within the stated purpose (install poocr, call VatInvoiceOCR2Excel, supply input/output paths). However they show hardcoding of SecretId/SecretKey into code examples rather than encouraging safer practices (env vars or secret stores). The SKILL.md points the user to a shortlink (https://curl.qcloud.com/9ExTmaya) to obtain Tencent Cloud keys — this is expected for a Tencent-backed library but the shortlink should be verified.
Install Mechanism
There is no install spec in the registry (instruction-only), but SKILL.md instructs 'pip install poocr'. Using PyPI is common but has inherent supply-chain risk; the skill provides no provenance (source repo or homepage) for the poocr package or for this skill itself.
!
Credentials
The runtime requires Tencent Cloud SecretId and SecretKey, yet the skill metadata lists no required env vars or primary credential. Asking for cloud API credentials is proportionate to OCR via Tencent Cloud, but the omission in metadata and examples that hardcode credentials increases risk (credential leakage, poor handling).
Persistence & Privilege
The skill is user-invocable, not always-on, and instruction-only. It does not request persistent presence or claim to modify other skills or system settings.
What to consider before installing
This skill appears to do what it claims (use poocr + Tencent Cloud to OCR invoices) but the registry metadata fails to declare the required Tencent Cloud credentials and the skill has no source/homepage. Before installing: verify the poocr package and its PyPI/project repository; confirm the curl.qcloud.com link is legitimate; avoid hardcoding SecretId/SecretKey in code (use environment variables or a secrets manager); limit and rotate the API keys you provide; test in an isolated environment; and prefer a skill with clear provenance and declared credentials in its metadata.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97dpybhrdndceh15t79kkvvzs830a0y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

POOCR 发票识别技能

这个技能使用 poocr 库(基于腾讯云 AI)实现增值税发票的 OCR 识别,并将识别结果保存为 Excel 文件。

功能特性

  • 支持单张发票识别
  • 支持批量识别文件夹中的发票
  • 支持多种发票格式:PDF、JPG、PNG
  • 自动提取发票关键信息:发票号码、开票日期、金额、税额等
  • 结果直接导出为 Excel 格式

使用方法

1. 安装依赖

pip install poocr

2. 配置腾讯云 API 密钥

需要获取腾讯云 API 的 SecretId 和 SecretKey:

3. 代码示例

import poocr

# 单张发票识别并导出 Excel
poocr.ocr2excel.VatInvoiceOCR2Excel(
    input_path='发票文件路径.pdf',
    output_path='输出目录',
    id='你的SecretId',
    key='你的SecretKey'
)

# 批量识别文件夹中的发票
poocr.ocr2excel.VatInvoiceOCR2Excel(
    input_path='发票文件夹路径',
    output_path='输出目录',
    id='你的SecretId',
    key='你的SecretKey'
)

参数说明

参数类型说明
input_pathstr发票文件路径或包含发票的文件夹路径
output_pathstr输出 Excel 文件的目录路径
idstr腾讯云 API SecretId
keystr腾讯云 API SecretKey

使用场景

  1. 财务报销:批量识别员工提交的发票,自动提取关键信息
  2. 税务处理:快速整理大量发票数据用于税务申报
  3. 数据录入:将纸质发票或电子发票信息数字化
  4. 审计工作:批量处理发票数据进行分析

注意事项

  1. 确保腾讯云 API 密钥有效且有足够的调用额度
  2. 支持的发票类型:增值税普通发票、增值税专用发票等
  3. 图片质量会影响识别准确率,建议使用清晰的发票图片或 PDF
  4. 批量处理时,程序会自动遍历文件夹中的所有发票文件

完整示例代码

import poocr
import os

class InvoiceOCR:
    def __init__(self, secret_id, secret_key):
        self.SecretId = secret_id
        self.SecretKey = secret_key
    
    def recognize_invoice(self, input_path, output_path):
        """识别发票并导出 Excel"""
        if not os.path.exists(input_path):
            raise FileNotFoundError(f"文件不存在: {input_path}")
        
        poocr.ocr2excel.VatInvoiceOCR2Excel(
            input_path=input_path,
            output_path=output_path,
            id=self.SecretId,
            key=self.SecretKey
        )
        
        print(f"发票识别完成,结果已保存到: {output_path}")

# 使用示例
if __name__ == "__main__":
    ocr = InvoiceOCR(
        secret_id="你的SecretId",
        secret_key="你的SecretKey"
    )
    
    ocr.recognize_invoice(
        input_path="../test_files/VatInvoiceOCR",
        output_path="../test_files/VatInvoiceOCR"
    )

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…