ClawHub

银行流水解析,流水报告生成等

v1.0.7

流水报告生成,基于用户输入的Excel/PDF流水文件路径和问题,自动上传文件并生成分析报告。

1· 268·0 current·0 all-time
by@ufcfengbin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (bank statement upload and report generation) matches the included scripts and SKILL.md. The scripts post files and report requests to ziya.dfwytech.com and use a Bearer token (ZY_TOKEN) as expected for an API-backed service.
Instruction Scope
SKILL.md confines activity to: locate a local file, call upload_file.py to upload it, then call generate_report.py. This is within the stated purpose. Minor inconsistency: SKILL.md references script paths under /models/openclaw/skills/flow/scripts/... while the packaged files live in scripts/ — this may require adjusting paths at runtime. The instructions explicitly upload user files to an external server (necessary for the feature) — this is expected but is a privacy consideration rather than incoherence.
Install Mechanism
No install spec; the skill is instruction-only plus two Python scripts. No network downloads or archive extraction occur at install time. Execution requires a Python runtime and network access, which is proportional to the task.
Credentials
Only the primary credential ZY_TOKEN is used and is required for API Authorization. The scripts accept the token as an argument or via ZY_TOKEN environment variable — consistent and proportionate to the described API usage.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide or other-skills configuration changes. It runs on demand and does not request elevated persistence privileges.
Assessment
This skill appears coherent (it uploads files to a remote API and generates a report using ZY_TOKEN). The primary risk is privacy: bank statements are highly sensitive and will be transmitted to https://ziya.dfwytech.com. Before installing/use, do the following: 1) Confirm you trust the service operator and understand their privacy/storage/retention policy (no homepage or publisher info is provided). 2) Verify the token's scope and rotate it if possible; do not reuse a high-privilege credential. 3) Test with non-sensitive sample files first. 4) Run the skill in an isolated environment or sandbox and monitor outbound network requests to ensure endpoints match expectations. 5) Fix the script path references in SKILL.md if needed so the agent runs the correct files. If you cannot verify the service operator or privacy practices, treat this as high-risk for real bank data and avoid uploading sensitive documents.

Like a lobster shell, security has layers — review code before you run it.

latestvk97brferxjjz08efckz7x0akgx835szw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
Primary envZY_TOKEN

Comments