← 返回 Skills 市场
fp-skill
作者
serendipity2430
· GitHub ↗
· v0.0.1
· MIT-0
268
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install fp-skill
功能描述
Check the authenticity of nationwide VAT invoices by querying the official VAT invoice verification platform.
使用说明 (SKILL.md)
FP Skill 发票
这是一个用于查询全国增值税发票真假的的OpenClaw Skill。用户可以提问帮我查询发票的真伪,该skill会访问全国增值税发票平台,查询该发票的真伪,并返回查询结果。
用于自动化网页操作,包括打开网页、查找元素、点击、输入和截图。
功能
- 打开指定 URL
- 查找页面元素(如输入框、按钮)
- 填写表单或点击元素
- 截取当前页面并保存截图
- 支持传入参数控制行为
使用方法
见 README.md
安全使用建议
This skill is not clearly malicious, but it has several red flags and sloppy configuration that you should address before using it:
- The code requires Chrome + Chromedriver, but SKILL.md and registry metadata don't list them; the chromedriver path is hard-coded to a developer machine (/Users/...) — make the driver path configurable or ensure the correct binary exists.
- requirements.txt has duplicate/conflicting packages; clean and pin a single, coherent set of dependencies.
- Review patch_fp.py: it rewrites skill.py to add support for downloading images from arbitrary URLs using requests.get(..., verify=False). That both expands network access beyond the documented scope and disables SSL verification (insecure). Only apply such a patch after you understand and audit it. Prefer not to disable SSL verification.
- If you will run this in a hosted environment, ensure the workspace file paths (e.g., /root/.openclaw/.../fp5_new.pdf) are correct and that you trust any files uploaded to the service the skill automates.
- Consider removing or restricting patch_fp.py, or require explicit review/consent before applying it. Add explicit documentation of all required binaries and network endpoints the skill will contact.
If you cannot verify or adjust these issues, treat the skill as suspicious and avoid running it with sensitive network access or in privileged environments.
功能分析
Type: OpenClaw Skill
Name: fp-skill
Version: 0.0.1
The skill bundle includes a self-patching script (patch_fp.py) that modifies the main logic in skill.py at runtime, which is a high-risk pattern. The automation script (skill.py) explicitly bypasses SSL security warnings (handle_warning) and the patch introduces insecure HTTP requests with 'verify=False'. While these appear to be functional workarounds for automating the target invoice verification site, the combination of self-modifying code and security control bypasses warrants a suspicious classification.
能力评估
Purpose & Capability
The skill's stated purpose (query official VAT invoice platform) aligns with the selenium-based automation and OCR code. However, the package does not declare required system binaries (Chrome/Chromedriver) even though the code requires them. The code hardcodes a chromedriver path (/Users/pengsiyi/...) and references workspace files under /root/.openclaw/..., which are inconsistent and likely to fail or behave unexpectedly in other environments.
Instruction Scope
SKILL.md describes web automation only (opening pages, filling forms, screenshots), which matches skill.py. But the repo contains patch_fp.py that modifies skill.py to add URL-download behavior (requests.get with verify=False). SKILL.md does not mention this patch or any external downloads. The presence of that patch means the skill could be modified to fetch arbitrary remote resources (captcha images) — a capability not documented in SKILL.md.
Install Mechanism
This is an instruction-only skill with code files and a requirements.txt but no install spec. Dependencies will need pip install -r requirements.txt; requirements contain duplicate/conflicting entries (numpy repeated with different versions, duplicate opencv lines). No direct remote-install URLs are present, so install risk is moderate and messy but not obviously malicious.
Credentials
The skill declares no environment variables or credentials — appropriate for its stated purpose. However, it implicitly requires system-level binaries (Chrome and Chromedriver) and expects files in the skill workspace (fp5_new.pdf, chromedriver path), which are not documented. The patch injects code that would perform arbitrary HTTP GETs, which could require network access not mentioned in SKILL.md.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. The included patch_fp.py can rewrite the skill's own file but does not modify other skills or system configs. This is a local code-modification capability (potentially risky) but not an automatic privilege escalation request.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install fp-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/fp-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.0.1
- 初始版本发布,实现发票真伪自动化查询功能。
- 支持自动化操作全国增值税发票查验平台,包括打开网页、表单填写、点击与截图。
- 可通过参数控制操作步骤和行为。
元数据
常见问题
fp-skill 是什么?
Check the authenticity of nationwide VAT invoices by querying the official VAT invoice verification platform. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 268 次。
如何安装 fp-skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install fp-skill」即可一键安装,无需额外配置。
fp-skill 是免费的吗?
是的,fp-skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
fp-skill 支持哪些平台?
fp-skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 fp-skill?
由 serendipity2430(@serendipity2430)开发并维护,当前版本 v0.0.1。
推荐 Skills