Agent Paddleocr Vision
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill appears purpose-aligned for OCR document processing, but users should notice that documents may be sent to a PaddleOCR cloud endpoint and that the outputs can drive downstream actions.
This skill is coherent for OCR and document understanding. Before installing, confirm that you trust the configured PaddleOCR endpoint, are comfortable uploading the documents you plan to process, and keep human approval in place before acting on suggested financial, identity, contact, or calendar actions.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive documents may leave the local machine for OCR processing by the configured PaddleOCR service.
The skill is explicitly designed to send documents, including potentially sensitive identity and financial documents, to a configured cloud OCR API.
OCR extraction via **PaddleOCR cloud API** (requires credentials) ... ID card, passport, bank statement, driver's license, tax form
Use only trusted PaddleOCR endpoints, understand the provider’s retention/privacy policy, and avoid processing documents you are not allowed to upload.
The skill can use the configured PaddleOCR account/token and may consume API quota or access provider-side OCR resources.
The skill requires a PaddleOCR access token and API endpoint to call the OCR provider, which is expected for its stated cloud-OCR purpose.
PADDLEOCR_DOC_PARSING_API_URL ... PADDLEOCR_ACCESS_TOKEN ... primaryEnv: PADDLEOCR_ACCESS_TOKEN
Use a scoped token where possible, keep it out of logs and shared shells, and rotate it if exposed.
If another agent or integration executes these suggestions too freely, it could create expenses, contacts, reports, calendar events, or other records based on OCR output.
The skill produces structured action suggestions that a downstream agent may execute, but the documentation frames execution as occurring after user confirmation.
Auto-execute: After user confirmation, call the function with `parameters` from `suggested_actions`.
Require explicit user review before any downstream action that changes accounts, records, calendars, contacts, or financial systems.