Skill v1.0.4
ClawScan security
PaddleOCR Document Parsing V2 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 13, 2026, 1:06 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, runtime instructions, and required environment variables are consistent with a PaddleOCR document-parsing integration; nothing indicates malicious behavior, though there are minor implementation inconsistencies you should be aware of before use.
- Guidance: This skill appears to be what it claims: a client that uploads a local file (base64-encoded) or references a URL and sends it to whatever PADDLEOCR_API_URL or PADDLEOCR_JOB_URL you configure. Before installing, verify the endpoint URL you set is an official/trusted PaddleOCR endpoint (the skill will send your document contents and token to that URL). Ensure the Python 'requests' package is available if you plan to use async mode. Be aware of the differing Authorization header formats used by sync vs async paths and confirm which your endpoint expects. Run the tool in an isolated environment if you will upload sensitive documents, and consider rotating the API token if you share it with third-party services. If you need the skill to manage dependencies automatically or want stricter metadata, request the author add an explicit dependency declaration for Python packages and harmonize the env metadata with the documented optional variables.
Review Dimensions
- Purpose & Capability (ok): Name/description, required binaries (curl, base64, jq, python3), env vars (access token and API URL), and included scripts all match a document-parsing client for an external PaddleOCR-like API. No unrelated credentials or tools are requested.
- Instruction Scope (note): SKILL.md and the scripts limit their actions to encoding or referencing the specified input file/URL and calling the configured API endpoints. They do not attempt to read other system files or exfiltrate unrelated data. Notes: the Python script imports the 'requests' library but SKILL.md and metadata do not declare an installation step or dependency for that package; if not present, async mode will fail. Also the instructions refer to optional PADDLEOCR_JOB_URL and PADDLEOCR_MODEL for async mode — these are documented in SKILL.md but the top-level metadata only lists the two primary env vars, which is a minor mismatch.
- Install Mechanism (ok): This is instruction-only (no installer). The skill includes two executable scripts in the bundle and does not download or execute external installers. No high-risk install URLs or archive extraction are present.
- Credentials (note): Requested env vars (PADDLEOCR_ACCESS_TOKEN, PADDLEOCR_API_URL, and optionally PADDLEOCR_JOB_URL/PADDLEOCR_MODEL) are proportional to the stated purpose. Minor inconsistency: async operation requires PADDLEOCR_JOB_URL but that variable is optional in metadata; also the scripts use different Authorization header formats ('Authorization: token <token>' for sync, 'Authorization: bearer <token>' for async) which may cause confusion depending on the backend's expected scheme.
- Persistence & Privilege (ok): The skill does not request permanent or privileged presence (always: false). It does not modify other skills or system-wide settings. Normal autonomous invocation is allowed by platform defaults but not elevated here.
