ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Document Intelligence Mcp

v1.0.0

Document OCR, classification, table extraction, and summarization using local AI vision. Supports invoices, contracts, forms, reports.

0· 29·0 current·0 all-time
by@ntriq-gh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The name/description claim '100% local AI inference' and 'zero external API calls', but the implementation calls an external server (process.env.NTRIQ_AI_URL defaulting to https://ai.ntriq.co.kr) for all analysis. SKILL.md examples also point to https://x402.ntriq.co.kr. The code therefore does not match the claimed local-only capability.
!
Instruction Scope
Runtime instructions and examples reference external endpoints and micropayment flows; the code posts image URLs and analysis requests to a remote API, which means user documents would be transmitted off-host. The SKILL.md and README omit mention of the NTRIQ_AI_URL and Apify runtime/environment variables referenced in code.
Install Mechanism
No install spec (instruction-only) reduces installation surface, but the package includes many dependencies (apify, @modelcontextprotocol/sdk, crawlee-related packages). Running this skill will install/require those packages and a Node >=18 environment; there is no direct download-from-URL install risk in the registry metadata.
!
Credentials
The skill declares no required env vars or credentials, yet the code reads process.env.NTRIQ_AI_URL and APIFY_CONTAINER_PORT and uses Apify's Actor API (Actor.charge) and trackMCP — implying platform credentials/context/billing are required. Sensitive documents would be sent to external servers not declared in the skill manifest.
Persistence & Privilege
always:false and the skill does not modify other skills or system configuration (no evident persistence escalation). However, it can be invoked autonomously (platform default), and autonomous invocation combined with undisclosed external network activity increases the blast radius.
What to consider before installing
Do not install or use this skill if you expect local-only processing. Specific actions to take before trusting it: 1) Ask the author to explain the contradiction between '100% local' claims and the code that sends images to https://ai.ntriq.co.kr / https://x402.ntriq.co.kr. 2) Verify whether your documents will be transmitted and stored by the remote service and review its privacy/billing policy. 3) Confirm whether running the skill will incur charges via Apify/Actor.charge or require platform credentials (these are not declared). 4) If you must try it, run it in a network-isolated sandbox and inspect outgoing requests to the ntriq domains. 5) Prefer a skill that explicitly declares required environment variables, endpoints, and billing behavior; if local processing is required for privacy/compliance, do not use this skill until its implementation is changed to actually perform local inference.
src/handlers/document.js:7
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dzfftf35a27sq3ph26805rs84052z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments