Tesseract OCR Image Text Extraction
PassAudited by VirusTotal on May 5, 2026.
Overview
Type: OpenClaw Skill Name: tesseract-image-ocr Version: 1.0.0 The tesseract-image-ocr skill is a legitimate tool for performing Optical Character Recognition (OCR) using the Tesseract.js library. The code in scripts/ocr.js and the instructions in SKILL.md are well-structured, providing standard functionality for text extraction, orientation detection, and region-specific recognition without any signs of malicious intent, data exfiltration, or unauthorized execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the dependency will run code from the npm package ecosystem; a future or compromised package version could affect the local environment.
The setup pulls an unpinned npm package manually, while the registry provides no install spec or lockfile. This is expected for a Tesseract.js OCR skill, but it leaves dependency provenance and version reproducibility to the installer.
cd /root/.openclaw/workspace/skills/tesseract-ocr && npm init -y > /dev/null 2>&1 && npm install tesseract.js
Install only from a trusted npm registry, consider pinning tesseract.js to a known version with a lockfile, and verify the target skill directory before running the setup command.