Invoice OCR and Verification
Security checks across malware telemetry and agentic risk
Overview
The skill’s invoice verification purpose is clear, but it under-discloses persistent device fingerprinting and third-party handling of sensitive invoice data.
Review this skill before installing. Use it only if you are comfortable sending invoice images/text to the external provider at 51yzt.cn and with the skill creating persistent local identity files under ~/.openclaw. Confirm any recharge or purchase order manually before paying.
VirusTotal
1/65 vendors flagged this skill as malicious, and 64/65 flagged it as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The service may be able to recognize the same device across sessions, even though the user is told initialization is automatic and no API key is needed.
The script creates and persists a stable device identity derived from local system, user, and network-interface information. This is not clearly disclosed in the user-facing documentation.
    const parts = [
      os.platform(),
      os.arch(),
      os.hostname(),
      safeUserName(),
      collectMacAddresses().join("|")
    ];
    ...
    writeIdentity({ clientInstanceId: resolvedClientInstanceId, deviceFingerprint: resolvedDeviceFingerprint });
Disclose the device fingerprinting clearly, explain why it is needed and what is sent to the provider, and provide a way to reset or opt out.
Invoice images and extracted invoice details can contain business, tax, and financial information that may leave the local machine for processing.
The skill sends JSON payloads with authorization headers to an external provider endpoint, while the documentation does not clearly identify this destination or describe data-handling boundaries for invoice images/text.
    const DEFAULT_API_BASE_URL = "https://51yzt.cn/assetInnovate";
    ...
    response = await fetch(`${baseUrl}${endpoint}`, {
      method,
      headers: buildHeaders(appKey, requestId),
      body: body ? JSON.stringify(body) : undefined
    });
Before use, confirm that you trust the provider and that sending invoice data to this endpoint is acceptable for your privacy and compliance needs.
The agent may help create paid recharge orders when the user asks to buy quota.
The skill explicitly supports recharge package lookup and order creation, which is purpose-aligned but financially meaningful.
Use this skill to look up recharge packages, or to create and query recharge orders. ... Help me buy the 10 yuan invoice verification package
Only ask it to create an order when you intend to pay, and review the amount and provider before completing payment.
