Skill v1.0.0

ClawScan security

smart_ocr · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 22, 2026, 2:45 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's purpose (PaddleOCR-based OCR) matches its instructions, but it's instruction-only and omits any install/spec for large native Python dependencies and models while asking the agent to use code execution and file operations — a proportionality and install-coherence concern.
Guidance
This skill appears to really be an OCR helper using PaddleOCR, but it is instruction-only and does not declare how to install the large native Python packages and model files it needs. Before installing or enabling it:
1) confirm whether your agent/runtime already has paddlepaddle, paddleocr, pdf2image, and poppler (and GPU drivers if you plan to use GPU); otherwise the agent may attempt ad-hoc installs or downloads at runtime;
2) be aware that the SKILL.md allows the agent to fetch URLs and read/write temporary files; avoid processing sensitive documents unless you trust the runtime and network controls;
3) ask the skill author for an explicit install spec (pinned package versions, model download sources) or prefer a vetted skill that provides a safe, reproducible install;
4) if you must use it, run it in a sandboxed environment with restricted network and filesystem access and monitor any package downloads or subprocess executions.

Review Dimensions

Purpose & Capability
note: Name and description match the SKILL.md content: the instructions show how to run PaddleOCR on images and PDFs and return structured text. However, PaddleOCR (and its runtime, paddlepaddle, pdf2image/poppler, model files) are non-trivial dependencies that are not declared in registry metadata or an install spec. That omission makes the capability incomplete: a legitimate smart_ocr implementation would normally declare installation steps or required binaries.
Instruction Scope
ok: The SKILL.md stays on-topic: it describes initializing PaddleOCR, converting PDFs to images, taking input from paths, bytes, or URLs, and returning bounding boxes/confidence. It does instruct the agent to fetch URLs (requests.get) and to write/delete temporary image files, which are appropriate for OCR and clearly described.
Install Mechanism
concern: There is no install spec despite clear dependence on Python packages and native tools (paddlepaddle, paddleocr, pdf2image, poppler, possibly GPU drivers). Because the skill is instruction-only, the agent or environment would need to supply these at runtime, which can lead to ad-hoc installs or network downloads not controlled or declared by the skill. A legitimate skill should either declare required binaries/packages or provide an install block.
Credentials
ok: The skill requests no environment variables or credentials and doesn't reference unrelated config paths. It does request use of tools like code_execution and file_operations (declared in the SKILL.md header), which is proportionate to OCR tasks. Still, code_execution gives an agent broad powers, so the lack of an install spec combined with execution/file access increases the operational risk.
Persistence & Privilege
ok: The skill has no always:true flag and does not request persistence or modifications to other skills or system-wide config. It appears to be user-invocable only and does not demand elevated platform privileges.