Tesseract OCR Image Text Extraction

Pass

Audited by ClawScan on May 5, 2026.

Overview

This skill is a coherent OCR helper, with the main caution that it asks the user to manually install an unpinned npm dependency.

Before installing, verify the npm package and consider pinning its version. Use the skill only on images or URLs you intend to OCR; no credentials are required.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the dependency will run code from the npm package ecosystem; a future or compromised package version could affect the local environment.

Why it was flagged

The setup pulls an unpinned npm package manually, while the registry provides no install spec or lockfile. This is expected for a Tesseract.js OCR skill, but it leaves dependency provenance and version reproducibility to the installer.

Skill content

cd /root/.openclaw/workspace/skills/tesseract-ocr && npm init -y > /dev/null 2>&1 && npm install tesseract.js

Recommendation

Install only from a trusted npm registry, consider pinning tesseract.js to a known version with a lockfile, and verify the target skill directory before running the setup command.