← Back to Skills Marketplace
fp-skill
by
serendipity2430
· GitHub ↗
· v0.0.1
· MIT-0
268
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install fp-skill
Description
Check the authenticity of nationwide VAT invoices by querying the official VAT invoice verification platform.
README (SKILL.md)
FP Skill 发票
这是一个用于查询全国增值税发票真假的的OpenClaw Skill。用户可以提问帮我查询发票的真伪,该skill会访问全国增值税发票平台,查询该发票的真伪,并返回查询结果。
用于自动化网页操作,包括打开网页、查找元素、点击、输入和截图。
功能
- 打开指定 URL
- 查找页面元素(如输入框、按钮)
- 填写表单或点击元素
- 截取当前页面并保存截图
- 支持传入参数控制行为
使用方法
见 README.md
Usage Guidance
This skill is not clearly malicious, but it has several red flags and sloppy configuration that you should address before using it:
- The code requires Chrome + Chromedriver, but SKILL.md and registry metadata don't list them; the chromedriver path is hard-coded to a developer machine (/Users/...) — make the driver path configurable or ensure the correct binary exists.
- requirements.txt has duplicate/conflicting packages; clean and pin a single, coherent set of dependencies.
- Review patch_fp.py: it rewrites skill.py to add support for downloading images from arbitrary URLs using requests.get(..., verify=False). That both expands network access beyond the documented scope and disables SSL verification (insecure). Only apply such a patch after you understand and audit it. Prefer not to disable SSL verification.
- If you will run this in a hosted environment, ensure the workspace file paths (e.g., /root/.openclaw/.../fp5_new.pdf) are correct and that you trust any files uploaded to the service the skill automates.
- Consider removing or restricting patch_fp.py, or require explicit review/consent before applying it. Add explicit documentation of all required binaries and network endpoints the skill will contact.
If you cannot verify or adjust these issues, treat the skill as suspicious and avoid running it with sensitive network access or in privileged environments.
Capability Analysis
Type: OpenClaw Skill
Name: fp-skill
Version: 0.0.1
The skill bundle includes a self-patching script (patch_fp.py) that modifies the main logic in skill.py at runtime, which is a high-risk pattern. The automation script (skill.py) explicitly bypasses SSL security warnings (handle_warning) and the patch introduces insecure HTTP requests with 'verify=False'. While these appear to be functional workarounds for automating the target invoice verification site, the combination of self-modifying code and security control bypasses warrants a suspicious classification.
Capability Assessment
Purpose & Capability
The skill's stated purpose (query official VAT invoice platform) aligns with the selenium-based automation and OCR code. However, the package does not declare required system binaries (Chrome/Chromedriver) even though the code requires them. The code hardcodes a chromedriver path (/Users/pengsiyi/...) and references workspace files under /root/.openclaw/..., which are inconsistent and likely to fail or behave unexpectedly in other environments.
Instruction Scope
SKILL.md describes web automation only (opening pages, filling forms, screenshots), which matches skill.py. But the repo contains patch_fp.py that modifies skill.py to add URL-download behavior (requests.get with verify=False). SKILL.md does not mention this patch or any external downloads. The presence of that patch means the skill could be modified to fetch arbitrary remote resources (captcha images) — a capability not documented in SKILL.md.
Install Mechanism
This is an instruction-only skill with code files and a requirements.txt but no install spec. Dependencies will need pip install -r requirements.txt; requirements contain duplicate/conflicting entries (numpy repeated with different versions, duplicate opencv lines). No direct remote-install URLs are present, so install risk is moderate and messy but not obviously malicious.
Credentials
The skill declares no environment variables or credentials — appropriate for its stated purpose. However, it implicitly requires system-level binaries (Chrome and Chromedriver) and expects files in the skill workspace (fp5_new.pdf, chromedriver path), which are not documented. The patch injects code that would perform arbitrary HTTP GETs, which could require network access not mentioned in SKILL.md.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. The included patch_fp.py can rewrite the skill's own file but does not modify other skills or system configs. This is a local code-modification capability (potentially risky) but not an automatic privilege escalation request.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install fp-skill - After installation, invoke the skill by name or use
/fp-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.1
- 初始版本发布,实现发票真伪自动化查询功能。
- 支持自动化操作全国增值税发票查验平台,包括打开网页、表单填写、点击与截图。
- 可通过参数控制操作步骤和行为。
Metadata
Frequently Asked Questions
What is fp-skill?
Check the authenticity of nationwide VAT invoices by querying the official VAT invoice verification platform. It is an AI Agent Skill for Claude Code / OpenClaw, with 268 downloads so far.
How do I install fp-skill?
Run "/install fp-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is fp-skill free?
Yes, fp-skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does fp-skill support?
fp-skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created fp-skill?
It is built and maintained by serendipity2430 (@serendipity2430); the current version is v0.0.1.
More Skills