Skill v1.0.4

ClawScan security

rapid ocr · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 13, 2026, 3:27 AM)

Verdict: benign
Confidence: high
Model: gpt-5-mini

Summary
The package is internally consistent: it's an offline-first OCR skill that depends on a PyPI package (rapidocr-onnxruntime) which will automatically download ~13MB of model files on first use; the skill code itself makes no network calls or credential requests.

Guidance
This skill appears to do what it says. Before installing:
1) Be aware that installing the PyPI dependency and the first run will access the network to download ~13MB of model files and will store them in your user cache (~/.rapidocr/ or C:\Users\<user>\.rapidocr\).
2) If you need strict offline operation, pre-download the models in a controlled environment and copy them to the target machine (or run the skill once while online).
3) Review and vet the rapidocr-onnxruntime package (source, maintainers, pinned version) before pip installing; consider pinning the dependency to a specific version.
4) Running the bundled tests or initializing the skill will trigger the dependency's download if models are not present.
5) If you require higher assurance, inspect the rapidocr-onnxruntime package code and its model download URL(s) or run the skill in an isolated environment/container.

Review Dimensions

Purpose & Capability
Status: ok
Name/description (ticket/invoice OCR) match the code and files. The sole external requirement is the rapidocr-onnxruntime dependency, which is appropriate for on-device OCR and explains the model download behavior declared in multiple docs.

Instruction Scope
Status: note
SKILL.md and README instruct typical usage (CLI/Python API) and explicitly warn that the dependency will download models on first run. The instructions do not ask the agent to read unrelated paths or secret env vars. Note: test_ocr.py and RapidOCRSkill.__init__ instantiate RapidOCR(), so running tests or initializing the skill will trigger the dependency's model download (network) unless models are already cached.

Install Mechanism
Status: ok
No install spec bundled; requirements.txt points to a PyPI package (rapidocr-onnxruntime). This is a standard, expected install mechanism (moderate trust surface). There are no downloads from unknown personal servers or URL shorteners in the skill files.

Credentials
Status: ok
No environment variables, credentials, or special config paths are requested. The skill writes model files to the user's cache directory (e.g., ~/.rapidocr/) on first run; this storage behavior is documented and proportionate to the task.

Persistence & Privilege
Status: ok
Skill does not request permanent 'always' inclusion, does not modify other skills or system-wide settings, and has no privileged persistence. The only persistent effect is storing downloaded model files in the user's cache directory, which is declared in the docs.