Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

完美排版ocr

v1.0.0

Full OCR pipeline for scanned PDFs with layout preservation. Use this skill whenever the user wants to OCR a PDF, convert a scanned document to searchable te...

by gamhtoi@biabia-55
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability (flagged)
The code and SKILL.md implement exactly a remote-OCR pipeline (split → submit → poll → render) which fits the stated purpose. However, the script requires an API token (PADDLEOCR_TOKEN) and uses a remote endpoint (paddleocr.aistudio-app.com) while the skill's declared requirements list no environment variables or credentials. The missing declaration is an incoherence.
Instruction Scope (flagged)
Runtime instructions tell the agent to pip-install dependencies and run the included pipeline script. The SKILL.md does not tell the user to set the API token, does not warn that full PDF contents will be uploaded to a remote service, and does not surface the exact remote endpoint — the agent will therefore transmit potentially sensitive documents without an explicit consent/notice step.
Install Mechanism
This is an instruction-only skill with an included script; there is no installer that downloads arbitrary code from unknown URLs. Dependencies are installed via pip at runtime per SKILL.md. No high-risk install URLs or archive extraction are present.
Credentials (flagged)
The Python code reads PADDLEOCR_TOKEN from the environment (and falls back to a placeholder), but the skill metadata declares no required env vars or primary credential. Requesting a single OCR API token would be proportional to the task, but failing to declare it in the registry is a transparency issue and increases risk of accidental data leaks.
Persistence & Privilege
The skill is not always-enabled and does not request special agent privileges. It writes resumable state and intermediate files to a work directory (jobs.json, chunk_* files) which is normal for a pipeline; nothing in the package attempts to alter other skills or agent-wide settings.
What to consider before installing
This skill will upload entire PDF chunks to a third-party OCR service (paddleocr.aistudio-app.com) and will fetch remote images referenced by OCR results. The code expects an environment variable PADDLEOCR_TOKEN, but the skill metadata does not declare that — you must set it yourself or the script will attempt to use a placeholder token. Before installing or running:
(1) Do not process sensitive documents unless you trust the remote service and token;
(2) Verify the OCR endpoint and its privacy/security policy;
(3) Prefer using a self-hosted/local OCR alternative if you need confidentiality;
(4) Run the script in an isolated environment (sandbox or VM) if you must test it;
(5) Consider asking the publisher to update the registry metadata to declare PADDLEOCR_TOKEN and to explicitly disclose that PDFs are uploaded externally.
If you want, I can point out the exact lines that send files and read the token so you can review them or suggest edits to make the behavior local-only.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97f72yja99xzr5b8vtya4y54d83ktsf
