Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OCR with python
v1.0.0
Extract Chinese and English text from images and scanned PDFs, including documents like invoices and contracts, using PaddleOCR in Python.
⭐ 0 · 1.3k · 10 current · 10 all-time
by Roamer 徐 @roamer-remote
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description (OCR for Chinese/English PDFs and images) matches the provided scripts and README. The code imports PaddleOCR and PyMuPDF (fitz) as described, and implements PDF image extraction and image OCR.
Instruction Scope
SKILL.md and scripts/ocr.py limit actions to extracting images from PDFs, running PaddleOCR on images, printing or writing recognized text, and cleaning up temp files. The instructions do not ask the agent to read unrelated system files, transmit data to external endpoints, or access secrets.
Install Mechanism
There is no automated install spec; SKILL.md advises using pip3 to install paddlepaddle and paddleocr. This is an expected, proportionate dependency installation approach for a Python OCR skill (note: pip will fetch packages from PyPI; paddlepaddle is large and platform-dependent).
Credentials
The skill requests no environment variables, credentials, or config paths. The requested runtime imports (paddleocr, fitz) are appropriate for OCR/PDF extraction and are proportional to the stated purpose.
Persistence & Privilege
Skill does not request persistent system privileges, does not set always:true, and does not modify other skills or system-wide agent settings. It runs as a normal invokable tool without elevated persistence.
Assessment
This skill appears to be a straightforward OCR helper. Before installing or running: (1) review and run the script in an isolated environment/virtualenv because pip will install large native packages (paddlepaddle) that may require specific platform/driver support; (2) confirm you trust the source (homepage unknown); (3) avoid feeding sensitive documents to unknown third-party tools if you cannot verify where processing occurs — this script runs locally, but dependencies could change behavior if malicious packages are installed; (4) consider running on a disposable VM or container and inspect temporary files under /tmp if you have multi-user concerns.
Like a lobster shell, security has layers — review code before you run it.
