OCR Local V2

Pass

Audited by ClawScan on May 1, 2026.

Overview

This skill appears to perform the advertised local OCR task, with the main caution being that it relies on npm/Tesseract downloads that are not fully version-locked.

This looks reasonable for a local OCR skill. Before installing, be comfortable with using the tesseract.js npm package and the first-run download/cache of language data. Only run it on images whose extracted text you are willing to expose to your agent session.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill may fetch updated dependency code from npm, which is normal for this OCR implementation but depends on npm package provenance.

Why it was flagged

The OCR function depends on an external npm package, and the caret version range can allow newer package versions than the one originally reviewed.

Skill content

"dependencies": { "tesseract.js": "^7.0.0" }

Recommendation

Prefer a pinned dependency version and lockfile if you need reproducible installs, and install only from a trusted registry/source.

What this means

The first run may use network access and store downloaded language data locally, even though no API key or OCR cloud service is used.

Why it was flagged

Although the OCR processing is described as local, the skill discloses a first-run external download of Tesseract language data that is then cached.

Skill content

- First run downloads language data (~20MB per language)
- Subsequent runs are cached locally

Recommendation

Be aware of the first-run download and cache behavior; use it only in environments where downloading Tesseract language data is acceptable.