invoice-qr-scanner — 发票二维码扫描器

Name: invoice-qr-scanner — 发票二维码扫描器
Author: Evan Chen

Evan Chen

invoice-qr-scanner — 发票二维码扫描器

v1.0.0

自动扫描发票收据中的二维码，填写电子发票申请。适用于用户请求从图像扫描二维码、完成电子发票申请或处理包含在线计费系统二维码的发票收据。

0· 336·0 当前·0 累计

by @chenzhuowen (Evan Chen)·MIT-0

API工具自动化浏览器自动化文件处理系统工具

下载技能包

License

MIT-0

最后更新

2026/4/11

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

可疑

medium confidence

该技能的QR解码代码与其声明的目的保持一致，但运行时指令要求代理读取和提交高度敏感的内存数据到任意解码的URL，通过未指定的浏览器自动化，且没有明确的防护措施，这是过度和风险的。

评估建议

该技能如其所言（解码QR代码并尝试填写发票表单），但它将读取您代理内存中的敏感公司数据，并将其提交到QR代码中编码的任何URL。安装前：1) 要求代理在打开或提交到网站之前始终提示您确认（并显示解码的URL）；2) 更喜欢目标URL的域名白名单或手动审批步骤；3) 验证快照和更新的MEMORY.md条目存储在哪里以及谁可以访问它们；4) 在本地测试scan-qr.js以确认QR输出；5) 确保浏览器自动化在沙盒环境中运行，并且在没有明确同意的情况下不自动提交敏感字段。如果作者可以提供明确的浏览器自动化实现、强制确认步骤或域名白名单，重新评估——这些缓解措施将减轻当前的担忧。...

详细分析 ▾

ℹ 用途与能力

The skill name/description (scan invoice QR and fill invoice forms) matches the included QR decoding script and the stated use of MEMORY.md for company/contact info. However, the SKILL.md references browser automation and live form submission but does not declare or include any browser-automation implementation, dependencies, or explicit user-consent steps—this omission is a gap between claimed capability and what's provided.

⚠ 指令范围

Instructions tell the agent to: decode a QR to a URL, open that URL in browser automation, read sensitive company/contact data from memory files (MEMORY.md, memory/YYYY-MM-DD.md), fill and submit forms, take snapshots, and update memory. These actions involve reading and transmitting sensitive data (tax ID, bank account, phone, emails) to external endpoints discovered from QR codes. The SKILL.md says to 'Always verify' the URL but does not mandate user confirmation or domain whitelisting before submission, nor does it specify how snapshots and memory updates are stored or protected.

ℹ 安装机制

There is no install spec (instruction-only skill) which reduces some risk. The repository includes Node.js script and package.json that instructs npm install of qrcode-reader and canvas; canvas has native system dependencies (libcairo, etc.) noted in README. No remote downloads from untrusted URLs are present. Overall install risk is low-to-moderate but the skill assumes availability of browser automation without providing it.

⚠ 凭证需求

The skill requests no environment variables or external credentials, which is good, but it explicitly reads local memory files containing highly sensitive company information (tax ID, bank account numbers, phone numbers, emails) and will transmit them to whatever URL the QR code contains. That is a high-sensitivity operation without declared safeguards; the lack of requested credentials is not sufficient protection because the skill still exfiltrates secrets via the web forms it auto-submits to.

ℹ 持久化与权限

always:false and default autonomous invocation are set. Autonomous invocation combined with this skill's ability to read memory and submit external forms raises the blast radius if the agent runs without explicit user confirmation. The skill also instructs updating memory files, which is reasonable for its purpose but not documented how writes are controlled or consented to.

安全有层次，运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发，无需署名。

查看条款 ↗

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/3

初始版本：自动扫描发票二维码并填写电子发票申请

● 可疑

安装命令点击复制

官方npx clawhub@latest install invoice-qr-scanner

镜像加速npx clawhub@latest install invoice-qr-scanner --registry https://cn.clawhub-mirror.com

技能文档

概述

该技能通过扫描收据图像中的二维码，实现自动电子发票申请，处理从二维码检测到发票提交的整个工作流程。

工作流

步骤1：二维码识别

当用户提供包含二维码的发票收据图像时：

运行二维码识别脚本：

node scan-qr.js

脚本输出解码的二维码URL
如果识别失败，要求用户直接提供URL

步骤2：导航到发票系统

使用浏览器自动化打开解码的URL
验证页面加载成功
拍摄快照以了解表单结构

步骤3：检索公司信息

填写表单前，检索用户的公司信息：

搜索memory/YYYY-MM-DD.md以获取最近的发票信息
检查MEMORY.md以获取长期存储的详细信息
必需字段通常包括：

- 公司名称 - 税号/统一社会信用代码 - 地址 - 电话号码 - 开户行 - 银行账号

步骤4：填写发票表单

使用浏览器快照分析表单结构
填入公司信息字段
填入收件人信息：

- 手机号码 - 邮箱地址

验证所有必需字段是否完成

步骤5：审查和提交

提交表单
审查确认页面
验证所有信息是否正确
将结果报告给用户

错误处理

二维码未识别

如果二维码识别失败：

要求用户直接提供URL
建议使用手机扫描并共享URL

表单结构变化

如果发票系统表单结构发生变化：

拍摄新快照
标识更新的字段引用
适应填写过程
为未来参考记录新结构

信息缺失

如果缺少必需的公司或联系信息：

要求用户提供缺失的详细信息
更新内存文件以包含新信息
继续执行发票申请

脚本

scan-qr.js

主要用于从图像中识别二维码的脚本，使用Node.js和qrcode-reader库。 使用方法：

node scan-qr.js

要求： - Node.js环境（v14+） - npm包：qrcode-reader、canvas 安装：

cd scripts
npm install qrcode-reader canvas

输出： - 成功时解码的二维码URL（格式："识别成功: ") - 失败时错误消息（格式："错误: ") 技术： - 使用qrcode-reader库进行二维码解码 - 使用Canvas进行图像处理 - 纯JavaScript实现（无需Worker）

内存集成

该技能依赖存储在内存文件中的用户信息： 公司发票头信息（存储在MEMORY.md中）: - 公司名称 - 税号 - 地址 - 电话号码 - 银行信息 联系信息（存储在MEMORY.md中）: - 移动电话号码 - 邮箱地址填写表单时，始终先引用此信息，然后再询问用户。

最佳实践

始终验证 解码的URL的合法性 antes 进行
双重检查 提交前所有信息
拍摄快照 以记录每个步骤
清晰报告 提交后结果给用户
更新内存 如果用户提供更正
使用自动完成 当可用时（比手动输入更准确）

Overview

This skill enables automatic electronic invoice application by scanning QR codes from receipt images and filling out online invoice forms. It handles the complete workflow from QR code detection to invoice submission.

Workflow

Step 1: QR Code Recognition

When a user provides an invoice receipt image containing a QR code:

Run the QR code recognition script:

   node scan-qr.js

The script outputs the decoded QR code URL
If recognition fails, ask user to provide the URL directly

Step 2: Navigate to Invoice System

Open the decoded URL in browser automation
Verify the page loads successfully
Take snapshot to understand form structure

Step 3: Retrieve Company Information

Before filling the form, retrieve the user's company information:

Check memory files for stored invoice header information:

- Search memory/YYYY-MM-DD.md for recent invoice info - Check MEMORY.md for long-term stored details

Required fields typically include:

- Company name (公司名称) - Tax ID/Unified Social Credit Code (税号) - Address (地址) - Phone number (电话) - Bank name (开户行) - Bank account number (银行账号)

Step 4: Fill Invoice Form

Analyze the form structure using browser snapshot
Fill in company information fields
Fill in recipient information:

- Phone number (手机号) - Email address (邮箱)

Verify all required fields are completed

Step 5: Review and Submit

Submit the form
Review confirmation page
Verify all information is correct
Report results to user

Error Handling

QR Code Not Recognized

If QR code recognition fails:

Ask user to provide the URL directly
Suggest using phone to scan and share the URL

Form Structure Changes

If the invoice system form structure changes:

Take a new snapshot
Identify updated field references
Adapt the filling process accordingly
Document the new structure for future reference

Missing Information

If required company or contact information is missing:

Ask user to provide the missing details
Update memory files with new information
Continue with the invoice application

Scripts

scan-qr.js

Primary script for QR code recognition from images using Node.js and qrcode-reader library.

Usage:

node scan-qr.js

Requirements:

Node.js environment (v14+)
npm packages: qrcode-reader, canvas

Installation:

cd scripts
npm install qrcode-reader canvas

Output:

Decoded QR code URL on success (format: "✅ 识别成功: ")
Error message on failure (format: "❌ 错误: ")

Technology:

Uses qrcode-reader library for QR code decoding
Canvas for image processing
Pure JavaScript implementation (no Worker required)

Memory Integration

This skill relies on stored user information in memory files:

Company Invoice Header Information (stored in MEMORY.md):

Company name
Tax ID
Address
Phone number
Bank information

Contact Information (stored in MEMORY.md):

Mobile phone numbers
Email addresses

When filling forms, always reference this information first before asking the user.

Best Practices

Always verify the decoded URL is legitimate before proceeding
Double-check all information before submission
Take snapshots at each step for documentation
Report results clearly to the user after submission
Update memory with new information if user provides corrections
Use auto-complete when available (more accurate than manual input)

数据来源：ClawHub ↗ · 中文优化：龙虾技能库

OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险，如需更匹配、更安全的方案，建议联系付费定制

了解定制服务

License

运行时依赖

版本

安装命令 点击复制

技能文档

概述

工作流

步骤1：二维码识别

步骤2：导航到发票系统

步骤3：检索公司信息

步骤4：填写发票表单

步骤5：审查和提交

错误处理

二维码未识别

表单结构变化

信息缺失

脚本

scan-qr.js

内存集成

最佳实践

Overview

Workflow

Step 1: QR Code Recognition

Step 2: Navigate to Invoice System

Step 3: Retrieve Company Information

Step 4: Fill Invoice Form

Step 5: Review and Submit

Error Handling

QR Code Not Recognized

Form Structure Changes

Missing Information

Scripts

scan-qr.js

Memory Integration

Best Practices

安装命令点击复制