GLM-OCR-Table
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent for table OCR using the ZhiPu GLM-OCR API, but users should notice that local documents may be uploaded to an external service using their API key.
This skill appears purpose-aligned for extracting tables through ZhiPu GLM-OCR. Before installing, make sure you are comfortable providing a ZHIPU_API_KEY and sending the selected images or PDFs to ZhiPu’s API, especially if they contain private financial, invoice, or business data.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you prefer an offline method or a different OCR provider, the skill instructions may push the agent toward ZhiPu GLM-OCR instead.
The skill gives forceful instructions that constrain the agent to this API-based workflow and discourage alternatives.
ONLY use GLM-OCR API ... NEVER parse tables yourself ... NEVER offer alternatives ... NO fallback methods
Use this skill only when you intentionally want ZhiPu GLM-OCR processing; otherwise ask the agent not to use this skill.
Your API key may grant account access or incur usage charges for OCR requests.
The script reads a ZhiPu API key from the environment and uses it as a bearer credential for API calls.
api_key = _get_env("ZHIPU_API_KEY") ... headers = {"Authorization": f"Bearer {api_key}"Use a dedicated, least-privilege API key where possible and avoid sharing command outputs or logs that might expose credentials.
Images or PDFs you process, including financial statements or invoices, may be transmitted to the ZhiPu service for OCR.
For local files, the script reads the file, base64-encodes it, and sends it in a JSON request to the OCR API.
data = path.read_bytes() ... return f"data:{mime};base64,{b64}" ... requests.post(api_url, json=payload, headers=headers, timeout=timeout)Do not use this skill on documents you are not allowed to send to ZhiPu; review the provider’s data handling terms for sensitive files.
Installing Python packages from the public package ecosystem can introduce normal dependency supply-chain risk.
The script depends on an external Python package and suggests manual pip installation if it is missing.
pip install requests\nOr install all dependencies: pip install -r requirements.txt
Install dependencies in a trusted virtual environment and prefer pinned, reviewed dependencies when available.