Skillv2.0.0

ClawScan security

Image To Code · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 15, 2026, 10:42 PM

Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary: The skill appears to implement the advertised image→code conversion, but it embeds hard-coded Baidu OCR credentials and will upload images to an external OCR service (privacy/credential risk) rather than relying only on local/offline OCR.
Guidance: This skill implements image→code conversion and uses OCR/heuristics as advertised, but it embeds and uses hard-coded Baidu OCR credentials and will upload base64-encoded images to Baidu's API by default. Consider the following before installing or running it: - Privacy: any images you process may be sent to an external service (Baidu) under the embedded key. Do not run it on sensitive documents unless you understand where data is sent and trust that endpoint. - Credentials: hard-coded API keys are unsafe. Prefer a version that requires you to configure your own API key (via env var or config file) or remove cloud OCR and use an offline engine (Tesseract/PaddleOCR). If you discover these keys are active and you control accounts associated with them, rotate/revoke them. - If you need offline-only processing, modify the code to disable Baidu OCR and ensure use_tesseract/PaddleOCR is enabled and configured; verify requirements and system dependencies for local OCR. - Audit network calls (requests.post) and any logging the skill performs; if you cannot inspect runtime traffic, run in an isolated environment (no network) or sandbox first. - The install script will pip-install heavy packages (paddlepaddle/paddleocr); run in a virtualenv/container to avoid altering system Python packages. Given these issues, treat the provided Baidu integration and its embedded credentials as a blocker until you either supply your own credentials or explicitly disable remote OCR.
Findings: [hardcoded-credentials] unexpected: image_to_code.py includes plaintext baidu_api_key and baidu_secret_key values and then requests an access_token and posts base64-encoded image data to Baidu OCR endpoints. Hard-coded service credentials are not expected for a general-purpose converter and create privacy/credential risks (images uploaded without user-provided API keys).

Review Dimensions

Purpose & Capability: okName/description (image → code, OCR, formula detection, title extraction) align with the included code, tests, and docs. Use of OCR engines (Tesseract / PaddleOCR / Baidu OCR / vision AI) and post-processing for LaTeX/title extraction is coherent with the stated purpose.
Instruction Scope: concernSKILL.md and the code instruct the agent to perform OCR, formula conversion, and to optionally call external vision AI. The runtime instructions and code will convert images and may call remote OCR/vision endpoints. They also recommend using external cloud vision (GPT-4V/Claude Vision/Google/Azure) as options — this means image contents (potentially sensitive) can be transmitted off-host. The SKILL.md and usage docs imply default/cloud-first behavior (Baidu OCR high-precision) which is broader than a strictly offline OCR helper.
Install Mechanism: noteThere is no platform install spec, but an install.sh and requirements.txt are provided. install.sh runs pip install -r requirements.txt (paddlepaddle/paddleocr/opencv/numpy/Pillow) which are expected for OCR/image processing but can be heavy; no downloads from untrusted URLs are present. This is standard but will install large packages (paddlepaddle) and may require system dependencies.
Credentials: concernThe skill declares no required environment variables or credentials, yet image_to_code.py contains hard-coded Baidu API key and secret (plaintext strings) and makes network calls to Baidu OCR endpoints, which is disproportionate: either the skill should ask the user to provide API credentials (env/config) or operate fully offline. Hard-coded credentials are a security/privacy concern and make the skill operate with third-party access to user images without explicit configuration.
Persistence & Privilege: okThe skill does not request always:true, does not modify other skills or system-wide configuration, and does not request privileged persistence. It installs dependencies into the environment via pip if run, which is normal for a Python skill.