Low risk: risk score 20/100
Last scan: 2 days ago
fapiao-clipper
Fapiao Clipper (发票夹子) v1.3: a local-LLM-driven invoice recognition and expense-reimbursement management tool supporting PDF/OFD processing, tax-authority verification, blacklist matching, and Excel/PDF export
A legitimate Chinese invoice management tool with no malicious behavior; moderate concerns around curl|sh in setup wizard and undeclared network/cloud API usage.
Skill name: fapiao-clipper
Analysis time: 77.4s
Engine: pi
Verdict: OK to install
Declare network access (httpx calls to chinatax.gov.cn, siliconflow.cn, ollama local) and credential storage (email IMAP) in SKILL.md. Consider removing the curl|sh installer hint from the interactive wizard.

Security findings (6)

Severity | Finding | Location

[Medium] curl|sh installer hint in interactive setup wizard
Location: setup_config.py:159
setup_config.py line 159 contains 'curl -fsSL https://ollama.ai/install.sh | sh' as a setup hint presented to users in an interactive wizard. This pattern is a known high-risk indicator, but here it is user-initiated and not auto-executed. The hint is not declared in SKILL.md's capability declarations.
Evidence: curl -fsSL https://ollama.ai/install.sh | sh
→ Replace the curl|sh hint with safer download instructions or document it explicitly in SKILL.md under the shell:WRITE capability.

[Medium] Undeclared email credential collection and storage
Location: setup_config.py:66
setup_config.py prompts users for an IMAP username and app-specific password, then writes them in plaintext to config/config.yaml. SKILL.md does not declare environment or filesystem access for credential storage.
Evidence:
pw = ask("App专用密码(在appleid.apple.com生成)")
password: " + pw + "
→ Document credential storage in SKILL.md. Consider using a secrets manager instead of plaintext config.yaml.

[Low] Undeclared network access (httpx)
Location: invoice_clipper/blacklist.py:1
The codebase uses httpx for: (1) fetching the tax bureau blacklist from chinatax.gov.cn, (2) calling the SiliconFlow cloud OCR API, (3) downloading invoice links from emails with redirect following. None of these are declared in SKILL.md's capability section.
Evidence: import httpx (used for blacklist fetch and link downloads)
→ Add network:READ to the declared capability map in SKILL.md, listing the domains accessed.

[Low] Version mismatch between SKILL.md and setup_config.py
Location: setup_config.py:1
SKILL.md describes v1.3 with a 2-level cascade (PyMuPDF → Qwen3-VL). setup_config.py is v1.1 and describes a 4-level cascade including GLM-OCR and TurboQuant. The SKILL.md '二级降级链' (two-level fallback chain) section correctly describes the current version's behavior.
Evidence: 发票夹子 · 交互式配置向导 (v1.1)
→ Update setup_config.py to v1.3 and align the engine descriptions with SKILL.md.

[Info] SiliconFlow cloud API sends invoice data externally
Location: setup_config.py:167
If the user configures the SiliconFlow provider (choice '3' in setup), invoice images/PDFs are sent to api.siliconflow.cn for OCR. While this is documented in the setup prompts, SKILL.md emphasizes local-only processing and does not mention this cloud option prominently.
Evidence: 注册: https://account.siliconflow.cn/zh/login?redirect=https%3A%2F%2Fcloud.siliconflow.cn
→ Add a prominent note in SKILL.md about the optional SiliconFlow cloud API and its data handling implications.

[Info] Email link following with redirect support
Location: invoice_clipper/email_watcher.py:87
The email_watcher downloads invoice files by following HTTP redirects (httpx follow_redirects=True). While scoped to invoice-related URLs via keyword filtering, this could redirect to unexpected destinations.
Evidence: with httpx.Client(follow_redirects=True, timeout=timeout) as client:
→ Consider adding domain allowlisting for link downloads beyond the current keyword filter.
Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | NONE | WRITE | ✓ consistent | Creates SQLite DB and archives in ~/Documents/发票夹子/, writes Excel/PDF exports — …
Network access | NONE | READ | ✗ exceeds declaration | httpx GET to chinatax.gov.cn (blacklist), siliconflow.cn (cloud OCR), localhost …
Environment variables | NONE | READ | ✓ consistent | Email credentials (IMAP username/password) stored in config.yaml; setup_config.p…
Command execution | NONE | WRITE | ✓ consistent | setup_config.py:159 contains curl|sh for Ollama install as user-facing hint
Database | NONE | WRITE | ✓ consistent | SQLite read/write to ~/Documents/发票夹子/invoices.db — local storage, not declared
Pattern findings: 17 (1 critical, 1 high)

[Critical] Dangerous command / dangerous shell command: curl -fsSL https://ollama.ai/install.sh | sh (setup_config.py:159)
[High] API key / suspected hard-coded credential: api_key: "YOUR_SILICONFLOW_API_KEY" (config/config.example.yaml:58)
[Medium] External URL: https://clawhub.ai/skills/fapiao-clipper (CLAWHUB.md:12)
[Medium] External URL: https://openclaw.ai (README.md:240)
[Medium] External URL: https://clawhub.ai (README.md:240)
[Medium] External URL: https://img.shields.io/github/stars/Alan5168/fapiao-clipper?style=social (README.md:285)
[Medium] External URL: https://www.xiaohongshu.com (README.md:312)
[Medium] External URL: http://127.0.0.1:11434 (config/config.example.yaml:44)
[Medium] External URL: http://127.0.0.1:8080 (config/config.example.yaml:52)
[Medium] External URL: https://api.siliconflow.cn/v1 (config/config.example.yaml:59)
[Medium] External URL: http://host.docker.internal:11434 (docker-compose.yml:20)
[Medium] External URL: https://www.chinatax.gov.cn/ (invoice_clipper/blacklist.py:6)
[Medium] External URL: https://www.chinatax.gov.cn (invoice_clipper/blacklist.py:167)
[Medium] External URL: https://ollama.ai/install.sh (setup_config.py:159)
[Medium] External URL: https://account.siliconflow.cn/zh/login?redirect=https%3A%2F%2Fcloud.siliconflow.cn&invitation=wV34tYbt (setup_config.py:168)
[Info] Email address: [email protected] (README.md:46)
[Info] Email address: [email protected] (config/config.example.yaml:81)

Directory structure

23 files · 129.5 KB · 3903 lines
Python 16 files · 3242 lines; Markdown 3 files · 520 lines; YAML 2 files · 122 lines; Text 1 file · 12 lines; Shell 1 file · 7 lines
├─ 📁 config
│ └─ 📋 config.example.yaml YAML 96L · 3.6 KB
├─ 📁 invoice_clipper
│ ├─ 📁 engines
│ │ ├─ 🐍 __init__.py Python 20L · 774 B
│ │ ├─ 🐍 base.py Python 42L · 1.1 KB
│ │ ├─ 🐍 ollama_vision.py Python 200L · 6.6 KB
│ │ └─ 🐍 pdf_text.py Python 310L · 9.7 KB
│ ├─ 🐍 __init__.py Python 4L · 222 B
│ ├─ 🐍 blacklist.py Python 429L · 15.1 KB
│ ├─ 🐍 database.py Python 217L · 7.7 KB
│ ├─ 🐍 email_watcher.py Python 241L · 8.0 KB
│ ├─ 🐍 exporter.py Python 344L · 13.0 KB
│ ├─ 🐍 file_processor.py Python 149L · 4.4 KB
│ ├─ 🐍 pdf_extractor_odl.py Python 177L · 5.1 KB
│ ├─ 🐍 processor.py Python 169L · 6.3 KB
│ ├─ 🐍 recognizer.py Python 81L · 2.9 KB
│ └─ 🐍 verifier.py Python 296L · 12.0 KB
├─ 📝 CLAWHUB.md Markdown 97L · 2.0 KB
├─ 📋 docker-compose.yml YAML 26L · 927 B
├─ 🔧 invoice.sh Shell 7L · 303 B
├─ 🐍 main.py Python 326L · 10.9 KB
├─ 📝 README.md Markdown 313L · 7.4 KB
├─ 📄 requirements.txt Text 12L · 257 B
├─ 🐍 setup_config.py Python 237L · 7.8 KB
└─ 📝 SKILL.md Markdown 110L · 3.3 KB

Dependency analysis (8)

Package | Version | Source | Known vulnerabilities | Notes
pymupdf | >=1.24.0 | pip | | Version pinned at minimum
openpyxl | >=3.1.0 | pip | | Version pinned at minimum
pyyaml | >=6.0 | pip | | Version pinned at minimum
httpx | >=0.27.0 | pip | | Version pinned at minimum
easyofd | >=0.0.9 | pip | | Version pinned at minimum
tqdm | >=4.66.0 | pip | | Version pinned at minimum
paddlepaddle | >=3.0.0 | pip | | Optional; version pinned at minimum
paddleocr | >=2.7.0 | pip | | Optional; version pinned at minimum

Security highlights

✓ No credential harvesting (no SSH, AWS, or .env file access)
✓ No data exfiltration — all local invoice data stays in SQLite
✓ No base64-encoded payloads or obfuscated code execution
✓ No reverse shell, C2 communication, or suspicious network patterns
✓ No hidden HTML instructions or steganography detected
✓ No eval(), exec(), or dynamic code generation from untrusted sources
✓ No subprocess calls in main execution paths — only in optional setup wizard
✓ Standard open-source Python dependencies (PyMuPDF, httpx, openpyxl, pyyaml)
✓ Database stored locally in user's home directory with no network exposure
✓ Email credentials are user-provided via interactive prompts, not harvested from system
✓ SKILL.md provides clear description of functionality and architecture