← 返回 Skills 市场
evob-z

Compliance Checker Light

作者 evob-z · GitHub ↗ · v1.1.6 · MIT-0
cross-platform ⚠ suspicious
178
总下载
0
收藏
0
当前安装
7
版本数
在 OpenClaw 中安装
/install compliance-checker-light
功能描述
AI 驱动的项目手续合规审查 Skill。通过 Python API 检查 PDF/Word/图片文档的 完整性、时效性和合规性(印章/签名)。当用户需要审查项目文档是否齐全、有效、 合规时使用。典型场景:建设工程手续审查、发票合规检查、行政审批材料审查。
使用说明 (SKILL.md)

\r \r

Compliance Checker - 项目手续合规审查\r

\r

核心能力\r

\r

  • 资料完整性核对(精确+语义匹配文件名)\r
  • 资料时效性核对(有效期判定)\r
  • 视觉合规检测(Qwen-VL 识别印章/签名)\r \r

Python API\r

\r 本工具提供 3 个原子 API 函数,直接返回 Python 字典,无需解析 JSON。\r \r

1. completeness - 文档批量嗅探\r

\r 扫描目录中的文件,与给定文档名称列表做精确+语义匹配。\r \r

from compliance_checker.application.commands.completeness_cmd import run_completeness\r
\r
result = await run_completeness(\r
    path="D:/docs",\r
    documents=["立项批复", "环评报告", "施工许可证"]\r
)\r
```\r
\r
**参数:**\r
\r
| 参数 | 类型 | 必需 | 说明 |\r
|------|------|------|------|\r
| path | str | 是 | 项目文件夹路径 |\r
| documents | List[str] | 是 | 文档名称列表 |\r
\r
**返回值:**\r
\r
```python\r
{\r
    "立项批复": {\r
        "path": "D:/docs/立项批复.pdf",\r
        "similarity": 1.0,\r
        "match_type": "exact"\r
    },\r
    "环评报告": {\r
        "path": "D:/docs/环境评价报告.pdf",\r
        "similarity": 0.85,\r
        "match_type": "semantic"\r
    },\r
    "施工许可证": None\r
}\r
```\r
\r
- `match_type` 为 `exact` 表示精确匹配(子串包含),`semantic` 表示语义匹配\r
- 值为 `None` 表示目录中未找到匹配文件\r
\r
### 2. timeliness - 时效性计算\r
\r
解析单个文件,提取日期信息,判定文档时效性状态。\r
\r
```python\r
from compliance_checker.application.commands.timeliness_cmd import run_timeliness\r
\r
result = await run_timeliness(\r
    file="D:/docs/立项批复.pdf",\r
    reference_time="2026-03-15"  # 可选,默认为当前时间\r
)\r
```\r
\r
**参数:**\r
\r
| 参数 | 类型 | 必需 | 说明 |\r
|------|------|------|------|\r
| file | str | 是 | 文件路径(.pdf / .docx / .doc / 图片) |\r
| reference_time | str | 否 | 校验基准时间(YYYY-MM-DD),默认为当前时间 |\r
\r
**返回值:**\r
\r
```python\r
{\r
    "status": "VALID",\r
    "sign_date": "2025-06-15",\r
    "expiry_date": "2026-06-15",\r
    "validity": "365天",\r
    "branch": "HAS_EXPIRY",\r
    "reason": "文件在有效期内"\r
}\r
```\r
\r
- `status`: `VALID`(有效)/ `EXPIRED`(过期)/ `UNKNOWN`(无法判定)\r
\r
### 3. visual - 视觉质检\r
\r
检测文档中的印章、签名等视觉元素。\r
\r
```python\r
from compliance_checker.application.commands.visual_cmd import run_visual\r
\r
result = await run_visual(\r
    file="D:/docs/立项批复.pdf",\r
    targets=["公章", "法人签字"]\r
)\r
```\r
\r
**参数:**\r
\r
| 参数 | 类型 | 必需 | 说明 |\r
|------|------|------|------|\r
| file | str | 是 | 文件路径(.pdf / 图片) |\r
| targets | List[str] | 是 | 检测目标列表(如["公章", "法人签字"]) |\r
\r
**targets 命名规则:**\r
\r
- 含"章"的视为印章检测(如"公章"、"发票专用章"、"骑缝章")\r
- 含"签"的视为签名检测(如"法人签字"、"经办人签名")\r
- 用户的原始 target 字符串会透传到 Qwen-VL 的 Prompt 中\r
\r
**返回值:**\r
\r
```python\r
{\r
    "公章": {\r
        "found": True,\r
        "confidence": 0.95,\r
        "location": "右下角",\r
        "reasoning": "检测到红色圆形公章"\r
    },\r
    "法人签字": {\r
        "found": False,\r
        "confidence": 0.0,\r
        "location": "",\r
        "reasoning": "已检查 2 页,未找到法人签字"\r
    }\r
}\r
```\r
\r
## 辅助函数\r
\r
```python\r
from compliance_checker.api import check_health\r
\r
# 检查服务健康状态\r
health = await check_health()\r
print(health["status"])  # "healthy" 或 "unhealthy"\r
```\r
\r
## 路径规则\r
\r
传递路径参数时,**建议使用正斜杠 (/)**:\r
\r
- 推荐:`D:/projects/docs`\r
- 可用但不推荐:`D:\projects\docs`\r
\r
## 典型工作流\r
\r
当用户要求审查文档时,按以下步骤执行:\r
\r
1. **验证安装**:首次使用前检查健康状态确认可用\r
2. **获取路径**:**必须从用户处获取具体的文件或目录路径**\r
   - 如用户未提供路径,必须直接询问用户,不得自主探测\r
3. **分析用户意图**:从用户描述中提取检查维度:\r
   - 需要检查哪些文件 -> 使用 `run_completeness`\r
   - 需要检查有效期 -> 使用 `run_timeliness`\r
   - 需要检查印章/签名 -> 使用 `run_visual`\r
4. **执行 API 调用**:根据需要调用一个或多个函数\r
5. **汇总结果**:直接处理返回的字典,向用户汇报\r
\r
### 参数要求(安全规范)\r
\r
**所有 API 函数的路径参数均为严格必需:**\r
\r
| 函数 | 必需参数 | 说明 |\r
|------|----------|------|\r
| run_completeness | path, documents | 必须提供目录路径和文档列表 |\r
| run_timeliness | file | 必须提供文件路径 |\r
| run_visual | file, targets | 必须提供文件路径和检测目标 |\r
\r
**Agent 行为约束:**\r
- **禁止自主探测路径**:Agent 不得扫描文件系统\r
- **必须询问用户**:如果用户请求中未提供具体的文件或目录路径,Agent 必须直接询问用户获取绝对路径\r
- **禁止猜测路径**:Agent 不得假设或推断文件位置\r
\r
### 示例:发票审查\r
\r
```python\r
from compliance_checker.application.commands.completeness_cmd import run_completeness\r
from compliance_checker.application.commands.timeliness_cmd import run_timeliness\r
from compliance_checker.application.commands.visual_cmd import run_visual\r
\r
# 步骤1:检查发票文件是否存在\r
completeness_result = await run_completeness(\r
    path="D:/finance/invoices",\r
    documents=["增值税发票", "收据"]\r
)\r
\r
# 步骤2:检查时效性\r
timeliness_result = await run_timeliness(\r
    file="D:/finance/invoices/增值税发票.pdf",\r
    reference_time="2026-03-15"\r
)\r
\r
# 步骤3:检查印章\r
visual_result = await run_visual(\r
    file="D:/finance/invoices/增值税发票.pdf",\r
    targets=["发票专用章"]\r
)\r
```\r
\r
### 示例:工程手续审查\r
\r
```python\r
# 步骤1:批量检查文件完整性\r
completeness = await run_completeness(\r
    path="D:/projects/building",\r
    documents=["立项批复", "环评批复", "施工许可证"]\r
)\r
\r
# 步骤2:对每个找到的文件逐一检查时效性\r
for doc_name, doc_info in completeness.items():\r
    if doc_info:\r
        timeliness = await run_timeliness(file=doc_info["path"])\r
        print(f"{doc_name}: {timeliness['status']}")\r
\r
# 步骤3:检查是否盖有公章\r
visual = await run_visual(\r
    file="D:/projects/building/立项批复.pdf",\r
    targets=["公章"]\r
)\r
```\r
\r
## 错误处理\r
\r
所有错误以异常形式抛出,使用 try-except 捕获:\r
\r
```python\r
from compliance_checker.core.exceptions import ComplianceCheckerError\r
\r
try:\r
    result = await run_completeness(path="D:/nonexistent", documents=["test"])\r
except FileNotFoundError as e:\r
    print(f"路径错误: {e}")\r
except ValueError as e:\r
    print(f"参数错误: {e}")\r
except ComplianceCheckerError as e:\r
    print(f"检查错误: {e}")\r
```\r
\r
| 错误类型 | 含义 | 恢复策略 |\r
|----------|------|----------|\r
| FileNotFoundError | 文件/目录不存在 | 请用户确认路径 |\r
| ValueError | 参数格式错误 | 检查参数格式(日期格式等) |\r
| ComplianceCheckerError | 内部异常 | 检查环境配置和 API 密钥 |\r
\r
## 支持的文档格式\r
\r
- PDF(支持 OCR 识别扫描件)\r
- Word(.docx, .doc)\r
- 图片(.png, .jpg, .jpeg)\r
\r
## 支持的日期格式(timeliness 命令)\r
\r
- `2024年3月15日`\r
- `2024-03-15`\r
- `2024/03/15`\r
- `2024年3月`(自动补全为3月31日)\r
\r
---\r
\r
# 安装与配置(给用户)\r
\r
## 安装\r
\r
**步骤 1:创建并激活虚拟环境(venv)**\r
\r
```bash\r
# 创建虚拟环境\r
python -m venv .venv\r
\r
# Windows PowerShell 激活\r
.venv\Scripts\activate\r
\r
# 或 Windows CMD 激活\r
.venv\Scripts\activate.bat\r
\r
# 或 Linux/Mac 激活\r
source .venv/bin/activate\r
```\r
\r
**步骤 2:安装 compliance-checker**\r
\r
```bash\r
# 基础安装(不含 OCR 功能)\r
pip install compliance-checker\r
\r
# 或安装阿里云 OCR 支持(云端 OCR,需网络)\r
pip install compliance-checker[cloud-ocr]\r
\r
# 或安装本地 PaddleOCR 支持(本地 OCR,体积较大)\r
pip install compliance-checker[local-ocr]\r
\r
# 或完整安装(包含所有可选依赖)\r
pip install compliance-checker[all]\r
```\r
\r
## 验证安装\r
\r
```python\r
from compliance_checker.api import check_health\r
import compliance_checker\r
\r
# 检查版本\r
print(compliance_checker.__version__)\r
\r
# 检查健康状态\r
health = await check_health()\r
print(health["status"])\r
```\r
\r
## 配置方式(SecretRef)\r
\r
本 Skill 遵循 OpenClaw SecretRef 规范进行密钥管理,**不支持直接读取环境变量**。\r
\r
### 必需配置\r
\r
- `llm_api_key`: LLM API 密钥\r
\r
### 可选配置\r
\r
- `llm_base_url`: LLM API 端点(默认: https://api.openai.com/v1)\r
- `llm_model`: LLM 模型名称(默认: gpt-4o)\r
- `llm_timeout`: 请求超时(默认: 60秒)\r
- `llm_max_retries`: 最大重试次数(默认: 3)\r
- `embed_api_key`: 嵌入模型 API 密钥(默认使用 llm_api_key)\r
- `embed_model`: 嵌入模型名称(默认: text-embedding-v1)\r
- `vision_api_key`: 视觉模型 API 密钥(默认使用 llm_api_key)\r
- `vision_model`: 视觉模型名称(默认: qwen3-vl-flash)\r
- `ocr_backend`: OCR 后端(默认: none)\r
- `alibaba_cloud_access_key_id`: 阿里云 Access Key ID\r
- `alibaba_cloud_access_key_secret`: 阿里云 Access Key Secret\r
\r
### 使用示例\r
\r
```python\r
from compliance_checker.infrastructure.config import CheckerConfig\r
\r
# 使用 SecretRef 配置\r
config = CheckerConfig.from_secret_ref(\r
    secrets={\r
        "llm_api_key": {"source": "env", "provider": "default", "id": "LLM_API_KEY"},\r
        "llm_model": "qwen-max"\r
    }\r
)\r
```\r
\r
---\r
\r
# 数据隐私与合规声明 (Data Privacy Notice)\r
\r
使用本工具时,您的文档数据可能会发送到外部服务:\r
\r
### 视觉检测服务(visual API)\r
- 当调用 `run_visual` 时,文档图像及检测目标(targets)将通过 HTTPS 加密传输至配置的视觉模型服务端\r
- 默认使用阿里云 DashScope(`LLM_BASE_URL`),可通过配置切换到本地部署的 Vision 模型\r
\r
### OCR 服务(可选)\r
- `OCR_BACKEND=none`(默认):本地处理,不发送数据\r
- `OCR_BACKEND=paddle`:本地 PaddleOCR,数据不离开本机\r
- `OCR_BACKEND=aliyun`:发送到阿里云 OCR 服务\r
\r
### 安全建议\r
处理敏感 B2B 合规文档时,建议:\r
1. 配置本地部署的 Vision 模型端点\r
2. 将 `OCR_BACKEND` 设置为 `paddle` 使用本地 OCR\r
3. 通过私有 LLM 端点实现完全内网部署\r
\r
**本工具不会持久化存储您的文档内容。**\r
安全使用建议
This package appears to implement the stated document-compliance features, but there are mismatches between the repository metadata, changelog, SKILL.md, and actual code. Before installing or providing secrets: - Treat the LLM/Vision keys as sensitive: the tool will send image/text to external services (e.g., DashScope/Qwen-VL or other OpenAI-compatible endpoints) during visual and semantic checks. - The SKILL.md says configuration should use OpenClaw SecretRef, but the code still reads environment variables (os.getenv) in several places (health checks, fallbacks). If you expect strict SecretRef-only behavior, review/patch code or run in an environment where you control env variables. - 'exec' SecretRef providers are supported — that means secret retrieval could run external commands; only enable that if you trust the skill and the secret provider. - If you must process highly sensitive documents, prefer local OCR (OCR_BACKEND=paddle) and avoid enabling cloud OCR/vision keys; test in an isolated environment (no network) first. - Ask the skill author (or vendor) to fix the metadata inconsistency (registry metadata should list required credentials) and to remove/clarify any remaining os.getenv fallbacks if SecretRef-only configuration is intended. If you are not comfortable providing API keys or cannot run it in an isolated/trusted environment, do not install or run it with cloud/vision keys enabled.
功能分析
Type: OpenClaw Skill Name: compliance-checker-light Version: 1.1.6 The skill implements a 'SecretRef' mechanism in 'src/compliance_checker/infrastructure/config/secret_ref.py' that supports an 'exec' provider, allowing the execution of arbitrary system commands via 'subprocess.run' to resolve credentials. While this is documented as part of the OpenClaw specification, it introduces a high-risk execution vector. Additionally, the skill transmits document text and images to external AI endpoints (OpenAI and Aliyun DashScope) for compliance analysis. No clear evidence of intentional malice or data exfiltration was found, but the combination of local command execution capabilities and external data flows for sensitive documents warrants a suspicious classification.
能力评估
Purpose & Capability
The skill is a Python library for document completeness/timeliness/visual checks and requires python/pip which is coherent. It legitimately needs LLM and vision credentials for semantic matching and Qwen-VL visual checks. However the registry metadata claims no required env vars/credentials while SKILL.md and code require an LLM API key (and support many optional keys), so the package metadata and documentation are inconsistent.
Instruction Scope
Runtime instructions (SKILL.md) are narrowly scoped to: ask the user for a path/file, call the Python APIs, and return structured results. The SKILL.md explicitly forbids autonomous filesystem scanning. The implementation respects user-provided paths (scans only the supplied directory/file) and does not instruct the agent to collect unrelated system data.
Install Mechanism
Installation is via pip (pip install compliance-checker) and the codebase included appears to be a normal Python package with common dependencies. No high-risk remote download URLs or archive-extract steps were found in the provided metadata.
Credentials
SKILL.md declares SecretRef-based configuration with llm_api_key required and many optional keys (vision, embed, Alibaba cloud keys). That is reasonable for its functionality, but the registry metadata shown earlier lists no required env vars/primary credential — a mismatch. Additionally, the code still contains numerous os.getenv usages (e.g., health checks) and fallbacks to environment variables, despite changelog/docs claiming env-reading was removed. SecretRef providers include 'exec' and 'file' which, while standard, allow external command execution to retrieve secrets (so you should trust the secret provider). Overall the set of secrets requested is functionally justifiable but the inconsistent declarations and env fallbacks are concerning.
Persistence & Privilege
The skill is not forced-always (always: false) and is user-invocable. It does not request to modify other skills or system-wide agent settings. It may call external LLM/vision endpoints during health checks or when performing visual/semantic checks, which is expected for its purpose.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install compliance-checker-light
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /compliance-checker-light 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.6
**SecretRef support and API refactor for compliance-checker-light 1.1.6** - Adopt OpenClaw SecretRef standard for configuration/secret management; direct environment variable access is no longer supported. - Add and document src/compliance_checker/api.py as the new location for the `check_health` API (was previously in the CLI). - Remove the CLI entry point and related CLI health check. - Update configuration infrastructure: add secret_ref.py, refactor settings and config loading to support flexible secret providers. - Document new installation options and SecretRef usage in SKILL.md and related docs. - Metadata now explicitly documents required/optional secret keys and provider types.
v1.1.4
Version 1.1.4 - Updated documentation in SKILL.md, README.md, and CHANGELOG.md for clarity and completeness. - Incremented version strings in SKILL.md and project files. - Minor code and configuration adjustments in Python source and pyproject.toml to improve consistency and maintainability. - No breaking API/interface changes. All core functionality and APIs remain as in previous version.
v1.1.3
compliance-checker-light 1.1.3 - 切换主要用法为 Python API,文档和示例基于异步 API 调用(不再主推 CLI 子命令)。 - SKILL.md/README/CHANGELOG:全面重写,详细说明各 API 的入参出参、错误处理方式和用法范例。 - 明确所有错误通过异常抛出,非 JSON stdout。 - CLI 子命令保留,但不作为默认集成用法推荐。 - 健康检查接口可通过 await check_health() 获得。 - 强化 agent 路径参数安全规范说明。
v1.1.2
- Updated version to 1.1.2. - Documentation in SKILL.md improved for clarity; no functional CLI/feature changes indicated. - Metadata and dependency files (_meta.json, pyproject.toml) updated for consistency with the new version. - CHANGELOG.md updated.
v1.1.1
Version 1.1.1 (compliance-checker-light) - Updated skill metadata to clarify required and optional environment variables. - Significantly tightened agent behavior for file scanning: now strictly disallows any autonomous path probing; user must always provide file/dir paths for all commands. - CLI parameter documentation updated to require explicit user input for all path/file arguments. - Added a "Data Privacy Notice" section outlining data handling practices and security recommendations. - Documentation clarifies that agents must never guess, infer, or search for files—only use explicit user paths.
v1.1.0
**Changelog for compliance-checker-light v1.1.0** - Added retrieval-augmented features and supporting modules (`rag` directory: `chunker.py`, `validity_retriever.py`). - Significantly enhanced environment/configuration instructions, with expanded and more granular ENV options in SKILL.md. - Updated project workflow documentation to emphasize security, restricting file searches to current and first-level subdirectories unless explicit paths are provided. - Removed legacy scripts for local checks and setup; project is now cleaner and oriented towards CLI-only workflows. - Clarified and updated README and all major command interface docs to match the improved logic and configuration options.
v1.0.0
Compliance Checker v1.0.0 – Initial Release - Provides CLI commands for compliance review of project documents. - Supports document completeness (file presence, name matching), timeliness (expiry validation), and visual inspection (stamp/signature detection). - Outputs all results in structured JSON, with errors also reported in JSON. - Designed for typical use cases such as construction procedure review, invoice compliance, and administrative material checks. - Requires Python environment and LLM API key configuration. - Includes clear installation, configuration, and workflow documentation.
元数据
Slug compliance-checker-light
版本 1.1.6
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 7
常见问题

Compliance Checker Light 是什么?

AI 驱动的项目手续合规审查 Skill。通过 Python API 检查 PDF/Word/图片文档的 完整性、时效性和合规性(印章/签名)。当用户需要审查项目文档是否齐全、有效、 合规时使用。典型场景:建设工程手续审查、发票合规检查、行政审批材料审查。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 178 次。

如何安装 Compliance Checker Light?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install compliance-checker-light」即可一键安装,无需额外配置。

Compliance Checker Light 是免费的吗?

是的,Compliance Checker Light 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Compliance Checker Light 支持哪些平台?

Compliance Checker Light 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Compliance Checker Light?

由 evob-z(@evob-z)开发并维护,当前版本 v1.1.6。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 留言讨论