Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

发票票据识别虾

v1.0.0

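发票票据识别虾: automatically recognizes invoice/receipt images, extracts key fields (amount, date, merchant, tax ID, etc.), supports batch processing, expense classification and tax verification, and can write to Feishu Bitable or export to Excel. Use this Skill when: (1) the user uploads invoice images (JPG/PNG/PDF) and asks for them to be recognized or entered (2) multiple invoices need to be batch processed into a summary table (3)...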

by Ricky @tujinsama

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tujinsama/invoice-ocr-extractor.

Install the skill "发票票据识别虾" (tujinsama/invoice-ocr-extractor) from ClawHub.
Skill page: https://clawhub.ai/tujinsama/invoice-ocr-extractor
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install invoice-ocr-extractor

ClawHub CLI

npx clawhub@latest install invoice-ocr-extractor

Security Scan

Capability signals: Requires OAuth token; Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name/description (invoice OCR, tax verify, Feishu export) matches the provided scripts (extract-invoice.py, fill-expense-form.py). However, the skill metadata lists no required environment variables while both SKILL.md and the scripts clearly expect OCR/tax/Feishu credentials — this is an omission/inconsistency (not necessarily malicious) and reduces transparency.
Instruction Scope
Runtime instructions are narrowly scoped to: download images (feishu_im_bot_image), run local Python scripts for OCR/batch/export, optionally call tax verification, and produce Excel/Feishu output. They also describe a fallback of sending images to an AI model for visual analysis (i.e., the agent/model will see image contents). The instructions reference external APIs and credential env vars (Baidu/Alipay/TAX_VERIFY) not declared in metadata. No instructions request unrelated system files or broad data collection.
Install Mechanism
No install spec; it's instruction-plus-scripts only. The scripts only suggest installing common Python libs (pillow/requests/pandas). There are no downloads from arbitrary URLs or archive extraction steps. This is low install risk.
Credentials
The code and SKILL.md expect sensitive environment variables: BAIDU_OCR_API_KEY, BAIDU_OCR_SECRET_KEY, ALIYUN_OCR_ACCESS_KEY and TAX_VERIFY_API_KEY (and implicitly Feishu API credentials if automatic writes are enabled). Yet the skill registry metadata declares no required envs/primary credential. Requesting API keys for the OCR/tax services is reasonable for the stated purpose, but not declaring them is an inconsistency that could lead to accidental credential exposure or surprise. The TAX_VERIFY endpoint is also hard-coded to https://inv.chinatax.gov.cn/api/verify — you should verify that this is an official, documented API and that the key scope is minimal.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent platform-level presence or claim to modify other skills or agent-wide config. It will send images/results to external services when configured, which is expected for OCR/tax verification.
What to consider before installing
This skill appears to implement invoice OCR and export as described, but it references multiple API keys (Baidu OCR, Aliyun OCR, TAX_VERIFY) and Feishu integration that are not listed in the skill metadata — that mismatch reduces transparency. Before installing or providing secrets: (1) Confirm which API keys you must provide and restrict them to least privilege and a dedicated account; (2) Verify the TAX_VERIFY endpoint (https://inv.chinatax.gov.cn/api/verify) is an official, documented API for programmatic checks; (3) Understand that if no OCR keys are configured the workflow will send images to the AI model for visual extraction — ensure that's acceptable for your privacy policy; (4) Run the scripts in a sandbox on non-sensitive invoices first and audit network requests (requests library) to see where data is sent; (5) If you intend to enable automatic Feishu writes, prepare a Feishu service account with limited scope and do not reuse high-privilege tokens. If you want, I can list the exact lines/files that reference each environment variable and endpoint so you can verify them.

Like a lobster shell, security has layers — review code before you run it.

latest vk971cm5n4dksq78553388844y5856x63
115 downloads
0 stars
1 version
Updated 1w ago
v1.0.0
MIT-0

发票票据识别虾

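Workflow

[Invoice image/PDF] → [Image preprocessing] → [OCR] → [Field extraction] → [Data validation] → [Store / fill form]

Steps

1. Receive input

  • The user sends an invoice image (an image/file in a Feishu message) → download it locally with feishu_im_bot_image
  • Batch scenario: the user provides a folder path or multiple images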

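2. OCR

Call scripts/extract-invoice.py to run recognition:

# Single file
python3 scripts/extract-invoice.py extract --file <image_path>

# Batch
python3 scripts/extract-invoice.py batch --dir <directory> --output results.xlsx

OCR priority

  1. Baidu invoice recognition API (BAIDU_OCR_API_KEY + BAIDU_OCR_SECRET_KEY)
  2. Aliyun invoice recognition API (ALIYUN_OCR_ACCESS_KEY)
  3. Fallback: use AI vision to analyze the image directly (no API key needed, slightly lower accuracy)

If no OCR API is available, send the image directly to the AI model, extract the fields with its vision capability, and state "Recognized with AI vision; manual review of the amounts is recommended".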

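3. Extract standard fields

Field | Description
invoice_type | Invoice type (VAT special invoice / VAT general invoice / electronic invoice / air ticket / train ticket / catering / accommodation / taxi)
invoice_code | Invoice code (10 or 12 digits)
invoice_number | Invoice number (8 digits)
invoice_date | Issue date (YYYY-MM-DD)
seller_name | Seller name
buyer_name | Buyer name
amount | Amount excluding tax
tax_rate | Tax rate
tax_amount | Tax amount
total_amount | Total including tax
expense_category | Expense category (see references/expense-categories.md)
confidence | Recognition confidence (high/medium/low)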

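4. Data validation

  • Amount check: amount + tax_amount ≈ total_amount (error < 0.01)
  • Date plausibility: the issue date cannot be in the future
  • Invoice code format: 10 or 12 digits, numeric only
  • Duplicate detection: the same invoice_code + invoice_number combination is treated as a duplicate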
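
The four checks of step 4 written out in Python, as an added example (not code from the skill's scripts/extract-invoice.py; the names validate_invoice and check_batch and the sample record are assumptions). It goes slightly beyond the list by also checking the 8-digit invoice_number from the field table, and it treats OCR output as untrusted text: ASCII-only digit classes and Decimal arithmetic.

```python
import re
from datetime import date
from decimal import Decimal, InvalidOperation

# ASCII classes on purpose: \d and str.isdigit() also accept full-width digits OCR may emit.
CODE_RE = re.compile(r"[0-9]{10}|[0-9]{12}")
NUMBER_RE = re.compile(r"[0-9]{8}")
DATE_RE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")
TOLERANCE = Decimal("0.01")

def validate_invoice(rec, seen, today=None):
    """Return the step-4 problems for one OCR record; an empty list means it passes.
    `seen` holds accepted (invoice_code, invoice_number) pairs and grows only on success."""
    today = today or date.today()
    problems = []
    code, number = str(rec.get("invoice_code", "")), str(rec.get("invoice_number", ""))
    if not CODE_RE.fullmatch(code):
        problems.append("invoice_code is not 10 or 12 digits")
    if not NUMBER_RE.fullmatch(number):
        problems.append("invoice_number is not 8 digits")
    try:  # Decimal, not float, so the 0.01 tolerance is compared exactly
        amount, tax, total = (Decimal(str(rec[k])) for k in ("amount", "tax_amount", "total_amount"))
        if not all(v.is_finite() for v in (amount, tax, total)):
            raise InvalidOperation  # reject NaN / Infinity, which Decimal parses without error
        if abs(amount + tax - total) >= TOLERANCE:
            problems.append("amount + tax_amount does not match total_amount")
    except (KeyError, InvalidOperation):
        problems.append("amounts missing or not numeric")
    raw_date = str(rec.get("invoice_date", ""))
    try:
        if not DATE_RE.fullmatch(raw_date):
            raise ValueError(raw_date)
        if date.fromisoformat(raw_date) > today:
            problems.append("invoice_date is in the future")
    except ValueError:
        problems.append("invoice_date is not YYYY-MM-DD")
    if (code, number) in seen:
        problems.append("duplicate invoice_code + invoice_number")
    elif not problems:
        seen.add((code, number))
    return problems

def check_batch(records, today=None):
    """Validate records in order, sharing one duplicate set across the batch."""
    seen = set()
    return [validate_invoice(r, seen, today) for r in records]

# Constructed sample (not a real invoice): full-width code digits, future date, bad total.
BAD = {"invoice_code": "１１００２２３３４４", "invoice_number": "87654321", "invoice_date": "2099-01-01",
       "amount": "100.00", "tax_amount": "13.00", "total_amount": "131.00"}
```
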

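5. Expense classification

Classify automatically according to references/expense-categories.md.

6. Output

Choose the output method according to the user's needs:

Feishu Bitable (recommended):

  • Following the feishu-bitable skill, write the results to the Bitable
  • For the field mapping, see the standard fields table above

Excel export:

python3 scripts/extract-invoice.py batch --dir ./invoices --output results.xlsx

Direct reply: for a single invoice, show the extracted result directly in the conversation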

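Tax verification (optional)

Only valid for VAT special/general invoices:

python3 scripts/extract-invoice.py verify \
  --code <invoice_code> \
  --number <invoice_number> \
  --date <issue_date> \
  --amount <amount>

Result: genuine / fake / voided / reversed (red-letter)

The tax verification API has a daily free quota; throttle the request rate when verifying in batches.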

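Notes

  • If the image is blurry, ask the user to retake it (300 DPI or higher recommended)
  • When the amount is > 1000 yuan, it is recommended to prompt the user to review it manually
  • Handwritten receipts and foreign-language invoices are not supported
  • In batch processing, deduplicate automatically (the same invoice code + number is recorded only once)

Reference files

  • references/invoice-types.md: layout features of each invoice type
  • references/field-extraction.md: field extraction rules
  • references/expense-categories.md: expense classification rules
  • references/tax-verification.md: tax verification API description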
