Scan Report
0 /100
expense-reimbursement
Travel Expense Reimbursement Assistant - Automates receipt scanning, classification, form filling, and print package generation for Chinese corporate expense reports
This is a legitimate travel expense reimbursement assistant with comprehensive documentation, user confirmation checkpoints, and well-defined file/document processing capabilities. No malicious behavior detected.
Safe to install
This skill is safe to use. No action required.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Consistent | SKILL.md lines 1-50: Full workflow documents file read/write for PDFs, DOCX, ima… |
| Network access | READ | READ | ✓ Consistent | SKILL.md: XSD schema references for XML parsing; scripts/unzip_and_parse.py line… |
| Command execution | READ | READ | ✓ Consistent | SKILL.md: Documents tesseract (Linux/Windows) and qlmanage (macOS) for OCR |
| Environment variables | READ | READ | ✓ Consistent | scripts/unzip_and_parse.py: REIMBURSEMENT_DIR env var documented and declared in… |
| Skill invocation | NONE | NONE | — | No skill invocation detected |
| Clipboard | NONE | NONE | — | Not used |
| Browser | NONE | NONE | — | Not used |
| Database | NONE | NONE | — | Not used |
2 findings
| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | http://invoice.xsd | scripts/unzip_and_parse.py:84 |
| Medium | External URL | http://www.typing/xsd | scripts/unzip_and_parse.py:84 |
Directory structure
3 files · 35.9 KB · 1004 lines
Markdown 2f · 799L
Python 1f · 205L
├─ references
│  └─ workflow.md (Markdown)
├─ scripts
│  └─ unzip_and_parse.py (Python)
└─ SKILL.md (Markdown)
Dependency analysis: 4 items
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| python-docx | latest | pip | No | Used for Word form reading and filling - legitimate document processing |
| pypdf | latest | pip | No | PDF merging - legitimate document processing |
| reportlab | latest | pip | No | Image-to-PDF conversion with A4 scaling - legitimate document processing |
| Pillow | latest | pip | No | Image dimension reading - legitimate document processing |
Security highlights
✓ Comprehensive SKILL.md with 704 lines of clear documentation
✓ User confirmation checkpoints at Steps 5.5, 7.1, 7.3, 7.4, and 8 - prevents autonomous operation
✓ Original file protection: 00_原始资料/ always retained, deletions require explicit authorization
✓ Template requirement enforced: skill pauses if template missing, cannot skip
✓ Project code confirmation required before form filling
✓ All dependencies documented: python-docx, pypdf, reportlab, Pillow, tesseract/qlmanage
✓ Clean Python implementation using only standard libraries (zipfile, os, xml.etree.ElementTree)
✓ No credential harvesting or sensitive path access
✓ No external network requests or data exfiltration
✓ Legitimate document processing: PDF merge, image-to-PDF conversion, DOCX form filling
✓ OCR tools (tesseract/qlmanage) properly documented as dependencies
✓ Supports cross-platform (macOS/Linux/Windows) with proper platform detection
✓ Configurable paths through environment variables (documented)
✓ Automatic skipping of irrelevant files (.DS_Store, 申请截图.png)
✓ Recursive ZIP scanning properly declared for receipt processing