OCR Space: Free OCR API
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill coherently performs OCR by sending user-specified images to OCR.space, with only disclosed third-party upload and minor packaging/temp-file cautions.
Before installing, make sure you are comfortable uploading requested images to OCR.space. Install any needed Python dependencies from trusted sources, and be aware that large images may cause the script to create and delete a compressed copy next to the original.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Any private text or visual information in images submitted for OCR may be processed by OCR.space.
The script sends the selected image file to OCR.space for OCR processing. This is the stated function, but it means the image contents are shared with an external provider.
API_URL = "https://api.ocr.space/parse/image" ... response = requests.post(API_URL, files=files, data=data, headers=headers, timeout=30)
Use this skill only with images you are comfortable uploading to OCR.space, and review OCR.space's privacy or retention terms before using it for sensitive documents.
The skill may fail until dependencies are installed, and manual installation introduces normal package-source trust considerations.
The script depends on external Python packages, but the supplied artifacts include no install spec or pinned dependency declaration. This is a packaging/provenance note, not evidence of hidden install behavior.
import requests ... from PIL import Image
Install dependencies such as requests and Pillow only from trusted sources, or ask the maintainer to add a pinned requirements/install specification.
A neighboring file with the generated compressed-image name could be replaced during OCR of a large image.
For images over 5 MB, the script writes a deterministic compressed filename next to the original and later deletes it; if that generated filename already exists, it could be overwritten and removed.
compressed_path = image_path.replace('.jpg', '_compressed.jpg').replace('.png', '_compressed.jpg') ... with open(compressed_path, 'wb') as f: ... os.remove(image_path)Be cautious with large images in directories containing similarly named files, or update the script to use a unique temporary file with collision checks.