OCR Locally
PassAudited by ClawScan on May 4, 2026.
Overview
This skill appears to perform local OCR as described, but users should notice that it runs bundled Swift scripts, can write OCR results to files, and has under-declared macOS/Swift metadata.
This appears safe for its stated purpose if you are comfortable running local Swift scripts on macOS. Before installing, note that OCR may expose sensitive document text in the agent conversation or output files, and choose output paths carefully to avoid overwriting files.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may not realize from the registry metadata that installing the skill includes local code that will be run with Swift on macOS.
The package metadata under-declares the runnable Swift scripts and runtime dependency, even though the manifest includes scripts and the SKILL.md instructs users to run them. This is a provenance/packaging clarity issue, not evidence of hidden malicious behavior.
Install specifications: No install spec — this is an instruction-only skill. Code file presence: No code files present — this is an instruction-only skill. ... File manifest: ... scripts/ocr_vision_pro.swift ... scripts/pdf_ocr.swift
Treat this as a local-code skill: review the included Swift scripts, ensure Swift/macOS requirements are acceptable, and prefer metadata that declares the macOS and swift runtime requirements.
The skill will run code on the user's Mac to process files the user provides.
The skill's normal operation executes local Swift scripts. This is purpose-aligned for local OCR and the provided code uses native macOS OCR/PDF APIs, but it is still local code execution.
swift scripts/ocr_vision_pro.swift <image_path> ... swift scripts/pdf_ocr.swift <pdf_path>
Run it only on intended files, keep prompts user-directed, and inspect the scripts before first use if installing from an unknown source.
OCR results may be saved to local files, and existing files at the chosen output path may be replaced.
The OCR script can write extracted text and confidence details to user-specified paths. This is expected for an OCR tool, but output paths could overwrite files if chosen carelessly.
try text.write(toFile: absolutePath, atomically: true, encoding: .utf8)
Use explicit safe output paths, avoid protected or important filenames, and quote/validate user-provided paths when constructing commands.