Low Risk — Risk Score 20/100
Last scan: 2 days ago
fapiao-clipper
发票夹子 (Fapiao Clipper) v1.3 — an invoice auto-recognition and expense-reimbursement management tool driven by a local large model, supporting PDF/OFD processing, tax verification, blacklist matching and Excel/PDF export
A legitimate Chinese invoice management tool with no malicious behavior; moderate concerns around curl|sh in setup wizard and undeclared network/cloud API usage.
Skill Name: fapiao-clipper
Duration: 77.4s
Engine: pi
Safe to install
Declare network access (httpx calls to chinatax.gov.cn, siliconflow.cn, ollama local) and credential storage (email IMAP) in SKILL.md. Consider removing the curl|sh installer hint from the interactive wizard.

Findings (6 items)

Severity: Medium
Finding: curl|sh installer hint in interactive setup wizard
Location: setup_config.py:159
setup_config.py line 159 contains 'curl -fsSL https://ollama.ai/install.sh | sh' as a setup hint presented to users in an interactive wizard. This pattern is a known high-risk indicator, but here it is user-initiated and not auto-executed. The hint is not declared in SKILL.md's capability declarations.
Evidence: curl -fsSL https://ollama.ai/install.sh | sh
→ Replace the curl|sh hint with safer download instructions or document it explicitly in SKILL.md under the shell:WRITE capability.

Severity: Medium
Finding: Undeclared email credential collection and storage
Location: setup_config.py:66
setup_config.py prompts users for an IMAP username and app-specific password, then writes them in plaintext to config/config.yaml. SKILL.md does not declare environment or filesystem access for credential storage.
Evidence:
pw = ask("App专用密码(在appleid.apple.com生成)")
password: " + pw + "
→ Document credential storage in SKILL.md. Consider using a secrets manager instead of plaintext config.yaml.

Severity: Low
Finding: Undeclared network access (httpx)
Location: invoice_clipper/blacklist.py:1
The codebase uses httpx for: (1) fetching the tax bureau blacklist from chinatax.gov.cn, (2) calling the SiliconFlow cloud OCR API, (3) downloading invoice links from emails with redirect following. None of these are declared in SKILL.md's capability section.
Evidence: import httpx (used for blacklist fetch and link downloads)
→ Add network:READ to the declared capability map in SKILL.md, listing the domains accessed.

Severity: Low
Finding: Version mismatch between SKILL.md and setup_config.py
Location: setup_config.py:1
SKILL.md describes v1.3 with a 2-level cascade (PyMuPDF → Qwen3-VL). setup_config.py is v1.1 and describes a 4-level cascade including GLM-OCR and TurboQuant. The SKILL.md '二级降级链' (two-level fallback chain) section correctly describes the current version's behavior.
Evidence: 发票夹子 · 交互式配置向导 (v1.1)
→ Update setup_config.py to v1.3 and align the engine descriptions with SKILL.md.

Severity: Info
Finding: SiliconFlow cloud API sends invoice data externally
Location: setup_config.py:167
If the user configures the SiliconFlow provider (choice '3' in setup), invoice images/PDFs are sent to api.siliconflow.cn for OCR. While this is documented in the setup prompts, SKILL.md emphasizes local-only processing and does not mention this cloud option prominently.
Evidence: 注册: https://account.siliconflow.cn/zh/login?redirect=https%3A%2F%2Fcloud.siliconflow.cn
→ Add a prominent note in SKILL.md about the optional SiliconFlow cloud API and its data handling implications.

Severity: Info
Finding: Email link following with redirect support
Location: invoice_clipper/email_watcher.py:87
email_watcher downloads invoice files by following HTTP redirects (httpx follow_redirects=True). While scoped to invoice-related URLs via keyword filtering, this could theoretically redirect to unexpected destinations.
Evidence: with httpx.Client(follow_redirects=True, timeout=timeout) as client:
→ Consider adding domain allowlisting for link downloads beyond the current keyword filter.
Resource    | Declared | Inferred | Status      | Evidence
Filesystem  | NONE     | WRITE    | ✓ Aligned   | Creates SQLite DB and archives in ~/Documents/发票夹子/, writes Excel/PDF exports — …
Network     | NONE     | READ     | ✗ Violation | httpx GET to chinatax.gov.cn (blacklist), siliconflow.cn (cloud OCR), localhost …
Environment | NONE     | READ     | ✓ Aligned   | Email credentials (IMAP username/password) stored in config.yaml; setup_config.p…
Shell       | NONE     | WRITE    | ✓ Aligned   | setup_config.py:159 contains curl|sh for Ollama install as user-facing hint
Database    | NONE     | WRITE    | ✓ Aligned   | SQLite read/write to ~/Documents/发票夹子/invoices.db — local storage, not declared
1 Critical · 1 High · 17 findings

💀 Critical  Dangerous Command (shell command)  curl -fsSL https://ollama.ai/install.sh | sh  (setup_config.py:159)
🔑 High  API Key (suspected hard-coded credential)  api_key: "YOUR_SILICONFLOW_API_KEY"  (config/config.example.yaml:58)
🔗 Medium  External URL  https://clawhub.ai/skills/fapiao-clipper  (CLAWHUB.md:12)
🔗 Medium  External URL  https://openclaw.ai  (README.md:240)
🔗 Medium  External URL  https://clawhub.ai  (README.md:240)
🔗 Medium  External URL  https://img.shields.io/github/stars/Alan5168/fapiao-clipper?style=social  (README.md:285)
🔗 Medium  External URL  https://www.xiaohongshu.com  (README.md:312)
🔗 Medium  External URL  http://127.0.0.1:11434  (config/config.example.yaml:44)
🔗 Medium  External URL  http://127.0.0.1:8080  (config/config.example.yaml:52)
🔗 Medium  External URL  https://api.siliconflow.cn/v1  (config/config.example.yaml:59)
🔗 Medium  External URL  http://host.docker.internal:11434  (docker-compose.yml:20)
🔗 Medium  External URL  https://www.chinatax.gov.cn/  (invoice_clipper/blacklist.py:6)
🔗 Medium  External URL  https://www.chinatax.gov.cn  (invoice_clipper/blacklist.py:167)
🔗 Medium  External URL  https://ollama.ai/install.sh  (setup_config.py:159)
🔗 Medium  External URL  https://account.siliconflow.cn/zh/login?redirect=https%3A%2F%2Fcloud.siliconflow.cn&invitation=wV34tYbt  (setup_config.py:168)
📧 Info  Email address  [email protected]  (README.md:46)
📧 Info  Email address  [email protected]  (config/config.example.yaml:81)

File Tree

23 files · 129.5 KB · 3903 lines
Python 16f · 3242L | Markdown 3f · 520L | YAML 2f · 122L | Text 1f · 12L | Shell 1f · 7L
├─ 📁 config
│ └─ 📋 config.example.yaml YAML 96L · 3.6 KB
├─ 📁 invoice_clipper
│ ├─ 📁 engines
│ │ ├─ 🐍 __init__.py Python 20L · 774 B
│ │ ├─ 🐍 base.py Python 42L · 1.1 KB
│ │ ├─ 🐍 ollama_vision.py Python 200L · 6.6 KB
│ │ └─ 🐍 pdf_text.py Python 310L · 9.7 KB
│ ├─ 🐍 __init__.py Python 4L · 222 B
│ ├─ 🐍 blacklist.py Python 429L · 15.1 KB
│ ├─ 🐍 database.py Python 217L · 7.7 KB
│ ├─ 🐍 email_watcher.py Python 241L · 8.0 KB
│ ├─ 🐍 exporter.py Python 344L · 13.0 KB
│ ├─ 🐍 file_processor.py Python 149L · 4.4 KB
│ ├─ 🐍 pdf_extractor_odl.py Python 177L · 5.1 KB
│ ├─ 🐍 processor.py Python 169L · 6.3 KB
│ ├─ 🐍 recognizer.py Python 81L · 2.9 KB
│ └─ 🐍 verifier.py Python 296L · 12.0 KB
├─ 📝 CLAWHUB.md Markdown 97L · 2.0 KB
├─ 📋 docker-compose.yml YAML 26L · 927 B
├─ 🔧 invoice.sh Shell 7L · 303 B
├─ 🐍 main.py Python 326L · 10.9 KB
├─ 📝 README.md Markdown 313L · 7.4 KB
├─ 📄 requirements.txt Text 12L · 257 B
├─ 🐍 setup_config.py Python 237L · 7.8 KB
└─ 📝 SKILL.md Markdown 110L · 3.3 KB

Dependencies (8 items)

Package      | Version  | Source | Known Vulns | Notes
pymupdf      | >=1.24.0 | pip    | No          | Version pinned at minimum
openpyxl     | >=3.1.0  | pip    | No          | Version pinned at minimum
pyyaml       | >=6.0    | pip    | No          | Version pinned at minimum
httpx        | >=0.27.0 | pip    | No          | Version pinned at minimum
easyofd      | >=0.0.9  | pip    | No          | Version pinned at minimum
tqdm         | >=4.66.0 | pip    | No          | Version pinned at minimum
paddlepaddle | >=3.0.0  | pip    | No          | Optional; version pinned at minimum
paddleocr    | >=2.7.0  | pip    | No          | Optional; version pinned at minimum

Security Positives

✓ No credential harvesting (no SSH, AWS, or .env file access)
✓ No data exfiltration — all local invoice data stays in SQLite
✓ No base64-encoded payloads or obfuscated code execution
✓ No reverse shell, C2 communication, or suspicious network patterns
✓ No hidden HTML instructions or steganography detected
✓ No eval(), exec(), or dynamic code generation from untrusted sources
✓ No subprocess calls in main execution paths — only in optional setup wizard
✓ Standard open-source Python dependencies (PyMuPDF, httpx, openpyxl, pyyaml)
✓ Database stored locally in user's home directory with no network exposure
✓ Email credentials are user-provided via interactive prompts, not harvested from system
✓ SKILL.md provides clear description of functionality and architecture