ClawHub

发票识别(invoice-discern) - 慧穗云

v1.0.1

使用慧穗云发票识别 API,通过上传发票影像文件(图片、PDF、OFD、ZIP)自动识别发票信息。

0· 211·0 current·0 all-time
by小毅尔勒@xiaoyierle
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (python3), required env vars (HSY_AK, HSY_SK), and the script all align with an invoice-recognition client for the Huisuiyun API. The API host used (huisuiyun.com) matches the description.
Instruction Scope
The SKILL.md and script only instruct the agent to read the user-supplied invoice file and environment variables and call Huisuiyun endpoints. They do not attempt to read other system files or unrelated credentials. Minor note: the runtime uses HSY_API_URL and HSY_TYPE (and provides defaults) but those are not listed as required env vars in the top-level metadata—this is a scope/documentation mismatch but not a functional surprise.
Install Mechanism
There is no install spec (instruction-only) which reduces risk. One practical omission: the Python script depends on the 'requests' package but the skill metadata only declares python3; there is no instruction to install requests. This is an operational/dependency gap rather than a security concern.
Credentials
The skill asks only for HSY_AK and HSY_SK as required credentials, which is proportionate for calling the vendor API. The script also reads optional HSY_API_URL and HSY_TYPE (used to choose auth behavior); these are reasonable for configuring which API endpoint/type to use.
Persistence & Privilege
always is false, no install modifies other skills or system-wide settings, and the skill does not request persistent/system privileges. It operates only when invoked.
Assessment
This skill appears to do what it says: it uploads a user-provided invoice image/PDF/ZIP to Huisuiyun and returns the recognition results. Before installing, consider: 1) You must provide HSY_AK and HSY_SK (these are service API keys) — only give keys you trust this service with. 2) The skill will send invoice images (which may contain sensitive personal or financial data) to the external Huisuiyun API endpoint; ensure you are comfortable with that data flow and the vendor's privacy policy. 3) The Python script uses the 'requests' library but the skill doesn't install dependencies automatically—make sure the runtime has requests available. 4) Minor documentation mismatch: SKILL.md references HSY_API_URL and HSY_TYPE (optional) though only HSY_AK/HSY_SK are marked required; expect to set HSY_API_URL only if you need a non-default host. If you trust the vendor and the data flow, the skill is coherent and reasonable to use.

Like a lobster shell, security has layers — review code before you run it.

latestvk971pw6rnb2yszbmjwhv727ess82thc0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📄 Clawdis
Binspython3
EnvHSY_AK, HSY_SK
Primary envHSY_AK

Comments