Textin Parse
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a straightforward Textin document parser, but it requires Textin API credentials and sends selected documents to Textin for processing.
This skill is coherent for Textin-based document parsing. Before using it, make sure you are comfortable giving it a Textin API credential and sending the selected documents to Textin; protect or rotate the API secret if it may be exposed.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with access to that local config file may be able to use the user's Textin API account, potentially consuming quota or incurring charges.
The skill stores the Textin app ID and secret code in a persistent local config file so it can authenticate to the Textin API.
CONFIG_FILE = os.path.expanduser("~/.openclaw/textin-config.json") ... config = {"app_id": app_id, "secret_code": secret_code}Use a dedicated Textin credential if possible, keep the config file private, avoid sharing the secret in public/shared chats, and rotate the credential if it may have been exposed.
Private or confidential document contents will leave the local environment and be processed by Textin.
The parser sends the contents of a user-selected local document to Textin's external API for processing.
API_URL = "https://api.textin.com/ai/service/v1/pdf_to_markdown" ... with open(file_path, "rb") as f: response = requests.post(API_URL, params=params, headers=headers, data=f)
Only parse documents you are comfortable sending to Textin, and review Textin's data handling/privacy terms for sensitive files.