RapidOCR
Security checks across malware telemetry and agentic risk
Overview
The OCR functionality is mostly coherent, but the skill’s execution instructions also tell the agent to publish the folder to ClawHub, which is unrelated to OCR and could cause an account/registry change without clear user intent.
Before installing, confirm the skill has been corrected so OCR execution does not include any instruction to publish to ClawHub. If you use it, expect it to run local Node/Python code and install RapidOCR dependencies, and only pass image files you intend to have read.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent following the skill instructions too literally could attempt to publish or update a ClawHub skill instead of only extracting text from the image.
This appears inside the skill's Execution steps, but publishing a skill to ClawHub is unrelated to performing OCR on a local image and may mutate a registry/account without a clear user request.
8. Publish this folder to ClawHub with slug `rapidocr`.
Remove the publish step from SKILL.md execution instructions, or move publishing guidance to developer-only documentation and require explicit user confirmation before any publish action.
Installing unpinned packages can change behavior over time depending on the package versions retrieved.
The skill depends on external Python packages installed outside a pinned install spec. This is purpose-aligned for RapidOCR, but users should understand they are installing third-party code.
tell the user to run `<python> -m pip install rapidocr onnxruntime`
Prefer pinned versions or a documented tested version range for `rapidocr` and `onnxruntime`.
Using this skill runs local Node and Python code on the selected image file.
The wrapper launches Python to run the bundled OCR script. This is expected for the stated purpose and uses argument arrays with `shell:false`, reducing shell-injection risk.
const result = spawnSync(python, args, { encoding: 'utf8', shell: false, env: { ...process.env, ... } });

Use it only from a trusted skill package and provide only the image file you want OCRed.
