ClawHub

GLM-OCR

v1.0.3

Extract text from images using GLM-OCR API. Supports images and PDFs with high accuracy OCR, table recognition, formula extraction, and handwriting recogniti...

2· 359·2 current·2 all-time
byJared Wen@jaredforreal
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (GLM-OCR) match the included scripts and SKILL.md. Required binary (python) and required env vars (ZHIPU_API_KEY, GLM_OCR_TIMEOUT) are appropriate for a networked OCR client that posts images/URLs to the GLM endpoint.
Instruction Scope
SKILL.md instructs running the provided CLI scripts only. The scripts load a local .env (skill root), read local files (base64) or forward URLs, and POST to the fixed GLM API endpoint. The instructions explicitly forbid local parsing or alternative endpoints and the code enforces use of the fixed endpoint.
Install Mechanism
No automated install spec is provided (instruction-only), which minimizes install-time risk. A requirements.txt (requests) is present; the CLI checks for requests and exits with an installation hint. No downloads from untrusted URLs or extracted archives are present.
Credentials
Only ZHIPU_API_KEY (primary) and GLM_OCR_TIMEOUT are required. The skill reads/writes a .env in its own skill root (config_setup writes that file). No unrelated credentials or system paths are requested.
Persistence & Privilege
always:false (not force-included). The skill writes only its own .env and does not modify other skills or system-wide configs. It can be invoked autonomously (platform default) but that is not excessive in itself.
Assessment
This skill forwards images or user-supplied URLs (and base64-encoded local files) to the GLM-OCR service at open.bigmodel.cn and requires your GLM API key in a .env file. Before installing, consider: (1) Do not send sensitive or confidential documents to a remote OCR service you don't control? (2) Keep the ZHIPU_API_KEY secret and add the skill's .env to .gitignore (the provided config_setup.py reminds you of this). (3) The skill can be invoked by agents by default — if you allow autonomous agent actions, review whether automated uploads of user-provided images are acceptable in your environment. If you need further checking, request a full line-by-line review of the truncated portion of glm_ocr_cli.py (the provided file was partially truncated in the listing).

Like a lobster shell, security has layers — review code before you run it.

latestvk971nhnps52rw7bxjz5men5q7h8349hq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📄 Clawdis
Binspython
EnvZHIPU_API_KEY, GLM_OCR_TIMEOUT
Primary envZHIPU_API_KEY

Comments