GLM-OCR-Handwriting

v1.0.3

Official skill for recognizing handwritten text from images using ZhiPu GLM-OCR API. Supports various handwriting styles, languages, and mixed handwritten/pr...

by Jared Wen (@jaredforreal)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the implementation: the skill provides handwriting OCR by running a Python script that posts images (local or URL) to the documented GLM‑OCR layout_parsing endpoint. Required items (python, ZHIPU_API_KEY, GLM_OCR_TIMEOUT) are appropriate and proportional.
Instruction Scope
SKILL.md limits runtime behavior to invoking the included CLI script and displaying results. It documents the fixed official endpoint and how to provide the API key, and it explicitly forbids alternative data flows or local fallback OCR. The instructions reference only expected config locations (openclaw.json, shell env) and do not tell the agent to read unrelated system files or exfiltrate data.
Install Mechanism
There is no install spec; this is instruction-only with a bundled Python script. The script depends on the widely used 'requests' library (prompting the user to pip install it) — no downloads from untrusted URLs or archive extraction are present.
Credentials
Only ZHIPU_API_KEY (primary credential) and an optional GLM_OCR_TIMEOUT are required. Both are justified by the functionality. The skill does not request unrelated credentials or config paths.
Persistence & Privilege
The skill does not request always:true or any elevated/persistent system-wide presence. It's user-invocable and allowed to be called autonomously (platform default), but it does not modify other skills or system configs.
Assessment
This skill appears to do what it claims, but check these before installing: (1) the ZHIPU_API_KEY you provide will be sent to https://open.bigmodel.cn/api/paas/v4/layout_parsing — only use a key you trust to share with ZhiPu; (2) the script requires the Python 'requests' package — install in a virtualenv if you prefer isolation; (3) the SKILL.md forbids fallbacks, so if the API fails the skill will stop rather than attempt local OCR; (4) if you reuse the same ZHIPU_API_KEY across multiple skills, a compromise of one skill could affect others — consider using a restricted/rotated key or project-specific key; and (5) if you want extra assurance, review/run the included scripts locally to confirm behavior and network requests before granting the key to an agent.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97e6d8q7jxbfjcjmsxeq4m48s8382p4

Runtime requirements

✍️ Clawdis
Bins: python
Env: ZHIPU_API_KEY, GLM_OCR_TIMEOUT
Primary env: ZHIPU_API_KEY