Skillv1.0.0

ClawScan security

文档识别-表格识别（invoice-ocr-xy）翔云平台 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 16, 2026, 3:04 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code and instructions match its stated purpose (calling 翔云/NetOCR to OCR documents); nothing requests unrelated credentials or installs unusual software, but it stores user API keys in a local plaintext config and encourages the agent to ask the user for secrets — handle those carefully.
Guidance: This skill appears to do what it says: send document data to the NetOCR API to perform OCR. Before installing/using it: (1) Do not paste your netocr_key/netocr_secret into chat — instead run the script locally with --config to store credentials in the skill directory. (2) Be aware config.json stores credentials in plaintext under the skill folder; treat that file as sensitive and restrict access. (3) Documents you process are uploaded to a third-party service (netocr.com) — ensure you're comfortable with that for any sensitive documents and check billing implications. (4) If you must provide credentials via conversation, understand that they may be retained in logs; prefer local configuration. If you want, I can point out the exact config path and show how to run the script locally to avoid sharing secrets in chat.

Review Dimensions

Purpose & Capability: okName/description, SKILL.md, and scripts/recognize_doc.py consistently implement a document OCR skill that calls the netocr.com API. The script sends base64-encoded file data to https://netocr.com/api/recog_table_base64 and expects netocr_key/netocr_secret credentials — this is coherent with the stated purpose.
Instruction Scope: noteSKILL.md instructs the agent to scan folders or single files and to ask the user for netocr_key/netocr_secret or guide them to run the script with --config. The runtime instructions and code operate only on files the user points the script at and the NetOCR endpoint. Note: the skill's instructions explicitly recommend 'proactively asking the user' for credentials (see risk section).
Install Mechanism: okNo install spec; this is an instruction + local Python script. No external downloads or package installs are performed automatically. The only optional dependency is Pillow (PIL) for image conversion, which is documented in the script.
Credentials: noteThe skill does not request unrelated environment variables. It requires the NetOCR API key and secret, which is appropriate. However, credentials are saved in a local config.json inside the skill directory in plaintext (unencrypted). SKILL.md encourages the agent to 'actively ask' the user for credentials in conversation — this risks credential disclosure into chat logs or conversation history. Prefer local --config usage rather than pasting secrets into chat.
Persistence & Privilege: okSkill is user-invocable and not always-enabled; it does not request elevated privileges, does not modify other skills, and stores config only in its own skill directory. No persistent system-wide changes detected.