vietnamese-contract

Key points to consider before installing or running: - Metadata mismatch: The package includes Python scripts (cccd-ocr.py, vn-spellcheck.py) but 'python' is not declared in required binaries. Ask the author to declare 'python' (and exact version) or update installation instructions. - Missing referenced file: SKILL.md refers to /mnt/skills/public/docx/scripts/office/validate.py but that file is not in the bundle. Confirm where validate.py comes from or include it in the package. - PII handling: The OCR script extracts Vietnamese national ID numbers (CCCD), addresses, and the workflow asks for phone, email, and bank account details. This is sensitive data — ensure you run the skill in a secure, consented environment, understand retention/deletion behavior, and do not run it on real IDs without user consent. - Install impact: The instructions ask you to run global npm and pip installs and will download ML models (~100MB). Consider running these in an isolated virtualenv or container to limit system-wide changes and supply-chain risk. - Autonomous use: The SKILL.md tries to force the agent to 'always' use this skill for many keywords. If you permit autonomous invocation, consider limiting the skill's scope or only allowing explicit user invocation so it doesn't trigger unexpectedly. - Verify offline claims: The docs claim OCR runs offline, but EasyOCR/pip will download models and the workflow can send extracted text to an online AI model. If you require fully offline processing, validate network behavior and model locations first. If you want to proceed: request the author to (1) add 'python' to required binaries, (2) include or remove the validate.py reference, (3) provide explicit privacy/consent instructions about CCCD and bank data, and (4) consider packaging an install spec or containerized environment to avoid global installs.