Zerox

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly does what it says, but its background notification code can run AppleScript built from an unescaped filename, so a specially named document could trigger local commands on macOS.

Review this skill before installing. It is purpose-aligned for document-to-Markdown conversion, but avoid background mode for files with untrusted or unusual filenames until the osascript escaping issue is fixed, and only use it for documents you are comfortable sending to the configured OCR/model provider.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

On macOS, converting a document with a specially crafted filename in background mode could cause unintended AppleScript or shell commands to run as the user.

Why it was flagged

The user-controlled input filename is inserted into AppleScript source without escaping and then executed with osascript after background conversion.

Skill content
const notifyScript = `... subtitle "${path.basename(filePath)}"`; spawn("osascript", ["-e", notifyScript]).unref();
Recommendation

Escape the filename before embedding it in AppleScript, pass it to osascript as a run-handler argument instead of interpolating it into the script source, or remove osascript notifications; until fixed, avoid background conversion for files with untrusted names.

What this means

A large conversion may continue running and consuming API quota after the visible command has returned.

Why it was flagged

The background converter intentionally detaches and continues after the wrapper process exits.

Skill content
const child = spawn("node", [converterPath, filePath, outputPath], { detached: true, stdio: ["ignore", "pipe", "pipe"] }); ... child.unref();
Recommendation

Use foreground mode for small files, monitor the logged PID/progress for background jobs, and provide a clear cancellation procedure.

What this means

The key can authorize paid API usage for document OCR/conversion, though the artifacts do not show the key being logged or sent anywhere unrelated.

Why it was flagged

The script falls back to reading a local APIYI API key from OpenClaw's .env file when the environment variable is not set.

Skill content
const envPath = path.join(process.env.HOME || "~", ".openclaw", ".env"); ... envContent.match(/APIYI_API_KEY\s*=\s*(.+)/);
Recommendation

Use a scoped API key where possible, store it securely, and monitor provider usage.

What this means

Document contents may be processed by an external model/API provider, which matters for confidential PDFs, images, DOCX, or PPTX files.

Why it was flagged

The selected document path and API credential are handed to the zerox/OpenAI-compatible model workflow for OCR/conversion.

Skill content
const result = await zerox({ filePath: filePath, modelProvider: "OPENAI", model: "gpt-4o", credentials: { apiKey: apiKey } });
Recommendation

Only convert documents you are allowed to send to the configured provider, and review APIYI/OpenAI-compatible provider privacy and retention terms.

What this means

The actual runtime code may differ from the packaged artifacts, and dependency updates could overwrite or change the patched behavior.

Why it was flagged

The setup depends on installing a third-party package and manually modifying code inside node_modules to change the API endpoint.

Skill content
npm install zerox --ignore-scripts ... the API endpoint address in the openAI.js file of the zerox source under the node_modules directory must be changed to https://api.apiyi.com/v1
Recommendation

Pin the dependency version, include a reviewed patch or configuration-based endpoint setting, and avoid manual node_modules edits where possible.