Scan Report
5 /100
xfei-invoice
iFlytek OCR-based invoice and receipt recognition skill
Legitimate iFlytek OCR invoice recognition skill with no malicious behavior detected. The code performs exactly as documented - reads invoice images, authenticates with the declared API using HMAC-SHA256, and returns OCR results.
Safe to install
This skill is safe to use. Ensure environment variables XFEI_APP_ID, XFEI_API_KEY, and XFEI_API_SECRET are properly secured and scoped to the minimum required permissions.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | invoice.py:103-108 reads user-specified image files only |
| Network | READ | READ | ✓ Aligned | invoice.py:130-150 POSTs to declared API endpoint api.xf-yun.com |
| Shell | NONE | NONE | — | No subprocess or shell execution found |
| Environment | READ | READ | ✓ Aligned | invoice.py:193-197 reads XFEI_* credentials for API auth only |
| Skill Invoke | NONE | NONE | — | No skill-to-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
3 findings
Medium External URL 外部 URL
https://console.xfyun.cn SKILL.md:19 Medium External URL 外部 URL
https://api.xf-yun.com/v1/private/sc45f0684 SKILL.md:81 Medium External URL 外部 URL
https://www.xfyun.cn/services/Invoice_recognition?target=price SKILL.md:98 File Tree
3 files · 18.3 KB · 452 lines Python 1f · 240L
Markdown 1f · 205L
JSON 1f · 7L
├─
▾
.claude
│ └─
settings.local.json
JSON
├─
▾
scripts
│ └─
invoice.py
Python
└─
SKILL.md
Markdown
Security Positives
✓ Uses only Python standard library - no third-party dependencies that could introduce supply chain risks
✓ Code is clean, readable, and matches documentation exactly
✓ No obfuscation, base64-encoded payloads, or anti-analysis techniques
✓ No subprocess or shell execution
✓ API credentials used only for authentication to declared endpoint
✓ HMAC-SHA256 signature is industry-standard authentication pattern
✓ No sensitive file path access (~/.ssh, ~/.aws, .env)
✓ No credential harvesting or exfiltration behavior
✓ No persistence mechanisms (no cron, startup hooks, or backdoors)
✓ No network connections to unexpected IPs or domains