License Plate Reader
PassAudited by VirusTotal on May 9, 2026.
Overview
Type: OpenClaw Skill Name: license-plate-reader Version: 1.0.1 The license-plate-reader skill is a legitimate tool designed to interface with the TrafficEye ALPR API. The core logic in recognize_plate.py uses standard Python libraries (urllib) to upload user-provided images and parse JSON responses, with no evidence of data exfiltration, malicious execution, or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your TrafficEye API key will be used to authenticate recognition requests, and a misconfigured auth mode or endpoint could expose that key.
The skill uses a provider credential and supports multiple credential transport modes. This is expected for TrafficEye API access, but query or form transport can expose keys more easily than header/bearer modes if selected.
`TRAFFICEYE_API_KEY`: required unless passed explicitly to the helper. ... `TRAFFICEYE_API_KEY_MODE`: one of `header`, `bearer`, `form`, `query`. Default: `header`.
Use the default header mode when possible, keep the API key scoped to TrafficEye use, and only set a custom API URL or query/form key mode if your deployment specifically requires it.
Images you provide may leave your local environment and be processed by TrafficEye.
The core workflow sends a local image to an external provider. This is purpose-aligned for license-plate OCR, but images and plate text can be privacy-sensitive.
Uploads the image to the TrafficEye recognition API.
Only use this skill with images you are allowed to upload, and confirm TrafficEye's privacy and retention terms if the images contain personal, business, or location-sensitive information.
You have less independent provenance information for the helper code beyond the packaged artifact and publisher metadata.
The registry metadata does not identify a source repository or provenance for the bundled helper. This is a provenance gap, not evidence of malicious behavior.
Source: unknown
Review the bundled helper before installing in sensitive environments and prefer trusted publisher or source-linked releases when available.