ClawHub

GLM-OCR-Formula

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for formula OCR, but it requires a ZhiPu API key and sends chosen images or PDFs to the external GLM-OCR API.

This appears safe to use for its stated purpose if you are comfortable providing a ZhiPu API key and sending the selected image or PDF content to the GLM-OCR API. Avoid using it on confidential documents unless that external processing is acceptable.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#
ASI01: Agent Goal Hijack
Low
What this means

If the API fails or is unavailable, the agent may stop instead of trying another OCR or vision method.

Why it was flagged

The skill strongly constrains the agent to use this specific OCR API and not attempt fallback extraction methods. This is disclosed and aligned with an API-specific OCR skill, but it affects how the agent handles failures or alternatives.

Skill content
ONLY use GLM-OCR API ... NEVER offer alternatives ... IF API fails — Display the error message and STOP immediately
Recommendation

Use this skill when you specifically want GLM-OCR processing; if you want alternatives or local processing, tell the agent explicitly before using another tool.

#
ASI03: Identity and Privilege Abuse
Low
What this means

The configured API key may authorize OCR API usage and could incur account usage or billing with the provider.

Why it was flagged

The script uses a ZhiPu API key as a bearer credential for the official API request. This is expected for the service integration and there is no evidence of hardcoding, logging, or sending the key to an unrelated endpoint.

Skill content
api_key = _get_env("ZHIPU_API_KEY") ... headers = {"Authorization": f"Bearer {api_key}"
Recommendation

Store the API key securely, use the least-privileged key available, and rotate it if you suspect exposure.

#
ASI07: Insecure Inter-Agent Communication
Medium
What this means

Images or PDFs you ask the skill to process may be sent to ZhiPu's API, so confidential documents could be exposed to that provider.

Why it was flagged

For local files, the script reads the selected file, base64-encodes it, and submits it to the external GLM-OCR API endpoint. This is central to the skill's purpose and disclosed, but it means file contents leave the local environment.

Skill content
data = path.read_bytes(); b64 = base64.b64encode(data) ... requests.post(api_url, json=payload, headers=headers
Recommendation

Only use the skill on files you are comfortable sending to the ZhiPu service, and review the provider's data handling terms for sensitive material.