Skillv1.0.0

ClawScan security

Baidu Ocr · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 15, 2026, 10:42 PM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's purpose (Baidu OCR) is plausible, but the package contains hard-coded Baidu API credentials and the runtime instructions ask you to set your own credentials — a mismatch that could cause your images to be sent using the publisher's account and quota.
Guidance: Do not run this skill as-is on sensitive images. The included baidu_ocr.py contains hard-coded BAIDU API credentials (visible in the file and referenced in the activation guide), while SKILL.md tells you to set your own credentials — this mismatch means your images will likely be uploaded using the publisher's Baidu account (potential privacy, quota, and billing concerns). Before installing or running: 1) Inspect baidu_ocr.py and remove the embedded API_KEY/SECRET_KEY or replace them with code that reads BAIDU_API_KEY and BAIDU_SECRET_KEY from the environment/config. 2) Confirm the code prioritizes environment variables over any hard-coded defaults. 3) Optionally, run the script in an isolated environment or sandbox and monitor network calls to verify destination endpoints. 4) If you cannot or will not modify the code, consider rejecting the skill or asking the publisher why their credentials are embedded and whether they intend to collect images. If you previously used the embedded key unintentionally, consider contacting Baidu or rotating/revoking keys associated with your own account and review any sensitive data that may have been sent. Additional info that would change this assessment: if the maintainer publishes an updated version that removes hard-coded credentials and clearly documents that only the user's API keys are used, the concern would be resolved.

Review Dimensions

Purpose & Capability: concernName/description, required binaries (python3), and requested env vars (BAIDU_API_KEY, BAIDU_SECRET_KEY) match an OCR integration. However the shipped Python script embeds a different API_KEY/SECRET_KEY pair and does not read environment variables — the credential requirements in metadata/SKILL.md are thus inconsistent with the actual code.
Instruction Scope: concernSKILL.md instructs the agent/user to set BAIDU_API_KEY and BAIDU_SECRET_KEY and to run the bundled script. The script, however, ignores env/config and uses hard-coded credentials to call Baidu's OCR endpoints, meaning images provided to the skill will be uploaded under the included account rather than the user's. Instructions otherwise stay within OCR purpose and use legitimate Baidu endpoints.
Install Mechanism: okNo external install/downloads or third-party URLs — the skill is instruction-only with a local Python script. This low install footprint reduces supply-chain risk. Metadata lists dependencies (requests, Pillow); the script imports requests but not Pillow (minor inconsistency).
Credentials: concernThe skill declares BAIDU_API_KEY and BAIDU_SECRET_KEY as required—which is appropriate for an OCR integration—but the code bypasses these and uses embedded credentials. That is disproportionate and suspicious because it removes the need for the user's keys and routes data through the publisher's account.
Persistence & Privilege: okNo 'always: true', no install-time changes to system or other skills, and the skill does not request elevated system privileges. It only requires running a Python script on demand.