ceac-visa-status-checker
v1.0.0Automatically check U.S. visa application status in CEAC (NIV), solve CEAC captcha with Zhipu vision model, and return structured status JSON. Use this when...
⭐ 0· 82·0 current·0 all-time
byTuringParty@xavierjiezou
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md, and the included Python script all align: the script fetches the CEAC status page, extracts the captcha image, sends it to Zhipu (open.bigmodel.cn) for OCR, submits the form, and returns structured JSON. Required dependencies (requests, BeautifulSoup, lxml, dotenv) are appropriate for the task.
Instruction Scope
SKILL.md limits runtime actions to installing requirements, creating a .env with the declared fields, and running the script. The script only reads the declared env vars and interacts with ceac.state.gov and open.bigmodel.cn; it does not attempt to read unrelated files or environment variables.
Install Mechanism
There is no install spec that downloads arbitrary code; the skill is instruction + a local Python script and uses pip requirements. This is low-risk and proportionate for a Python-based tool.
Credentials
The skill requires LOCATION, NUMBER, PASSPORT_NUMBER, SURNAME and ZHIPU_API_KEY — all are directly needed to query CEAC and solve captcha. Note: sending captcha images to the third-party Zhipu endpoint may expose data embedded in the image (case numbers or other visible PII); the ZHIPU_API_KEY is the only external credential required.
Persistence & Privilege
The skill does not request permanent/always-on presence and does not modify other skills or system-wide settings. It runs as an on-demand script using environment variables.
Assessment
This skill appears to do what it says: it fetches CEAC, solves the captcha via Zhipu, and returns structured JSON. Before installing, consider: (1) Privacy — the captcha image you send to Zhipu could include personally identifiable information visible on the page (case number, name); only use a Zhipu API key from a provider you trust and be comfortable with that data transfer. (2) Credentials — keep ZHIPU_API_KEY secret (use .env, don't commit it). (3) Terms-of-service and rate limits — automated scraping of CEAC may violate site terms or trigger rate limits; use responsibly. (4) Review and pin dependencies in requirements.txt and inspect the full script for any future changes before reuse. If you need stronger guarantees about data handling or a self-hosted OCR path, request modifications that avoid sending images to external services.Like a lobster shell, security has layers — review code before you run it.
latestvk978evvx8q106c9dfjb5tm74ks83h37w
License
MIT-0
Free to use, modify, and redistribute. No attribution required.