← 返回 Skills 市场
371
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install pdf-contract-redactor
功能描述
PDF contract redaction tool. Use when the user needs to redact sensitive information from scanned PDF contracts. The tool performs OCR to extract text, ident...
安全使用建议
This skill appears to do what it says, but consider these practical cautions before using it:
- Credentials: The script expects your Alibaba AccessKey ID and Secret as command-line arguments; passing secrets on the command line can expose them via process listings and shell history. Prefer modifying the script to read credentials from a protected environment variable, a config file with restricted permissions, or a secrets manager.
- Redaction effectiveness: The tool overlays black rectangles on the original PDF pages. If the original PDF contains underlying selectable/searchable text or metadata, that underlying text may remain accessible even after the visual overlay. Verify redaction by attempting to select/copy text from the redacted PDF and consider flattening the PDF or exporting a rasterized final PDF to ensure irreversible removal.
- Error handling: The SKILL.md mentions exponential backoff for OCR failures but the implementation does not implement retries; expect possible dropped pages/text if the API call fails. Test with non-sensitive documents first.
- Privacy: The images are sent to Alibaba's OCR endpoint; only use with documents you are allowed to upload to that external service. If documents are highly sensitive, consider an offline OCR alternative.
- Validation: Run the tool on sample contracts and confirm that the fields you need are matched and redacted correctly (edge cases with layout/coordinates may cause false negatives/positives).
If you need stronger guarantees (no residual text, no external network calls), either modify the tool to use a local OCR engine and to flatten outputs, or withhold highly sensitive documents from being processed by cloud OCR services.
功能分析
Type: OpenClaw Skill
Name: pdf-contract-redactor
Version: 1.0.0
The skill exhibits risky capabilities by handling sensitive cloud credentials and contract data, including the transmission of document content to an external OCR API (ocr.aliyuncs.com). While its behavior is aligned with the stated purpose, the script `scripts/redact_contract.py` contains a functional flaw in its authentication logic (missing HMAC signature) and creates a potential data leakage risk by exporting extracted sensitive values into an unencrypted local JSON file (`_fields.json`), which could lead to accidental exposure of the very data intended for redaction.
能力评估
Purpose & Capability
The name/description match the included script and SKILL.md: the code converts PDF pages to images, calls Alibaba Cloud OCR, matches field names to nearby values, and draws black rectangles over value areas. Requiring Alibaba OCR credentials (provided at runtime) is coherent with the stated purpose.
Instruction Scope
SKILL.md instructions stay within the redaction task and the script follows them. Minor mismatches: SKILL.md says it will 'retry with exponential backoff' on API failures but the script's AliyunOCRClient simply catches exceptions and returns an empty list (no backoff). SKILL.md demonstrates passing credentials as CLI args (and the script expects them) — functionally OK but a security practice concern because command-line args are visible in process lists/shell history.
Install Mechanism
No install spec; the skill is instruction+script only. Declared Python dependencies (pymupdf, pillow, requests) are appropriate and proportional to the task and are standard packages from PyPI. Nothing is downloaded from arbitrary URLs or written to unexpected locations.
Credentials
The only sensitive credentials used are Alibaba AccessKey ID and Secret, which the script legitimately needs to call the OCR API. The registry metadata does not declare env vars but the SKILL.md and script expect the credentials as CLI args — this is coherent but risky (exposes secrets in ps/command history). The script does not require or attempt to read unrelated credentials or system config.
Persistence & Privilege
The skill is not always-enabled, does not modify other skills or system configurations, and writes only local output files (<name>_redacted.pdf and <name>_fields.json). It does not request persistent elevated privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install pdf-contract-redactor - 安装完成后,直接呼叫该 Skill 的名称或使用
/pdf-contract-redactor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of PDF Contract Redactor, a tool to redact sensitive values from scanned PDF contracts while preserving field names.
- Uses Alibaba Cloud OCR for accurate text extraction, including support for Chinese.
- Automatically matches field names to their values and redacts only the values using black rectangles.
- Outputs a redacted PDF and a JSON file listing all matched field-value pairs.
- Includes robust error handling and supports batch PDF processing.
元数据
常见问题
Pdf Contract Redactor 是什么?
PDF contract redaction tool. Use when the user needs to redact sensitive information from scanned PDF contracts. The tool performs OCR to extract text, ident... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 371 次。
如何安装 Pdf Contract Redactor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install pdf-contract-redactor」即可一键安装,无需额外配置。
Pdf Contract Redactor 是免费的吗?
是的,Pdf Contract Redactor 完全免费(开源免费),可自由下载、安装和使用。
Pdf Contract Redactor 支持哪些平台?
Pdf Contract Redactor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Pdf Contract Redactor?
由 chan(@chayjan)开发并维护,当前版本 v1.0.0。
推荐 Skills