ClawHub
Back to skill
v1.0.4

GLM-OCR

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:34 AM.

Analysis

This OCR skill appears purpose-aligned, but users should notice that selected files or URLs are sent to GLM/Zhipu and an API key is stored locally.

GuidanceThis skill is reasonable for GLM-based OCR if you trust the provider and protect your API key. Before installing or using it, confirm that your images, PDFs, or URLs are allowed to be sent to GLM/Zhipu, and keep the generated .env file out of shared folders and version control.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
SeverityLowConfidenceHighStatusNote
SKILL.md
**ONLY use GLM-OCR API** ... **NEVER offer alternatives** ... **IF API fails** - Display the error message and STOP immediately

The skill gives strict tool-choice and stopping instructions. They are aligned with keeping OCR work on the GLM API path, but they could prevent the agent from offering alternate approaches when a user might want them.

User impactIf the API fails or is unavailable, the agent may stop instead of suggesting another OCR method.
RecommendationBe aware that this skill is designed to prefer the GLM OCR API path; invoke another tool or workflow separately if you want a fallback.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
scripts/config_setup.py
env_vars = {"ZHIPU_API_KEY": api_key} ... f.write(f"{key}={value}\n")

The setup helper writes the API key into a local .env file. This is expected for an API integration, but it creates a persistent local credential.

User impactAnyone or any process that can read the skill's .env file may be able to use the configured GLM/Zhipu API key.
RecommendationKeep the .env file private, avoid committing it to version control, and rotate the API key if it is exposed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityMediumConfidenceHighStatusNote
scripts/glm_ocr_cli.py
DEFAULT_API_URL = "https://open.bigmodel.cn/api/paas/v4/layout_parsing" ... data = path.read_bytes() ... resp = requests.post(api_url, json=payload, headers=headers, timeout=timeout)

Local files are read, encoded into the API payload, and sent to the external GLM OCR endpoint. This matches the OCR purpose, but private documents could be transmitted to the provider.

User impactImages, PDFs, or document URLs submitted for OCR may be processed by the external GLM/Zhipu service.
RecommendationOnly use the skill with files or URLs you are comfortable sending to the GLM OCR provider, especially for confidential documents.