ClawHub

Veryfi Documents AI

v1.0.1

Real-time OCR and data extraction API by Veryfi (https://veryfi.com). Extract structured data from receipts, invoices, bank statements, W-9s, purchase orders...

16· 888·1 current·2 all-time
byDmitry Birulia@dbirulia
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe Veryfi document OCR/extraction and the skill only requires Veryfi API credentials (Client ID, Username, API Key) and references Veryfi endpoints — these are proportional and expected for the stated functionality.
Instruction Scope
SKILL.md contains explicit curl examples and guidance for uploading files, base64 content, or providing URLs to Veryfi endpoints. It does not instruct the agent to read unrelated system files, other services' credentials, or to exfiltrate data to unexpected endpoints.
Install Mechanism
No install spec or code is included — this is instruction-only, so nothing is written to disk or downloaded during install. Low risk from installation mechanics.
Credentials
The three required environment variables (VERYFI_CLIENT_ID, VERYFI_USERNAME, VERYFI_API_KEY) match the Authorization pattern shown in the examples and are consistent with the Veryfi API. Nothing else (unrelated secrets or system config paths) is requested.
Persistence & Privilege
Skill is not marked always:true and does not request elevated platform privileges or modify other skills' configuration. Autonomous invocation is allowed by default but is not combined with other concerning properties here.
Assessment
This skill appears to be an instruction-only wrapper for the official Veryfi API and asks only for the API credentials it needs. Before installing: confirm you trust the skill publisher (registry owner) and prefer loading credentials from environment variables or your agent's secret store rather than embedding them in config files; limit the API key's permissions if possible; test with non-sensitive sample documents; review Veryfi's privacy/retention policy; and rotate keys regularly. If provenance is important, verify the repository/maintainer referenced in package.json (the skill references a Veryfi GitHub repo) before granting long-lived credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97br78yrx64fnavcd33kfz0mn81vz4n

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvVERYFI_CLIENT_ID, VERYFI_USERNAME, VERYFI_API_KEY
Primary envVERYFI_CLIENT_ID

Comments