ClawHub

Personal Card Ocr

v1.0.3

将图片中的文字、身份证、银行卡、社保卡、户口本、出生医学证明、往来港澳通行证、往来台湾通行证、台湾居民来往大陆通行证、港澳居民来往内地通行证等信息识别并提取出来。本技能应在用户需要 OCR 识别图片中的文字,或识别身份证、银行卡、社保卡、户口本、出生医学证明、往来港澳通行证、往来台湾通行证、台湾居民来往大陆通行证...

0· 79·0 current·0 all-time
by@scnet-sugon
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description request OCR for personal documents and the skill requires a single SCNET_API_KEY and optional SCNET_API_BASE, and calls an OCR endpoint; the required credential and network access match the stated purpose.
Instruction Scope
SKILL.md and scripts/main.py instruct the agent to read a local image file and POST it to https://api.scnet.cn/api/llm/v1/ocr/recognize. This is within purpose, but the behavior transmits sensitive PII (IDs, bank cards, etc.) to an external service — expected for a cloud OCR integration but high-sensitivity and worth highlighting.
Install Mechanism
No install spec; this is instruction-only plus a small Python script that uses the requests library. No downloads from untrusted URLs or extraction steps are present.
Credentials
Only one required credential (SCNET_API_KEY) and an optional SCNET_API_BASE are declared and actually used. The script reads a config/.env or suggests env var usage; the credential request is proportionate to calling a third-party OCR API.
Persistence & Privilege
always:false and no code modifies other skills or system-wide configs. The skill stores/reads a local config/.env if the user places it there, which is normal and limited in scope.
Assessment
Before installing, note these practical points: - Privacy: This skill uploads images (IDs, bank cards, birth certificates, etc.) to the Scnet API (https://api.scnet.cn). If you cannot share such sensitive PII with an external provider, do not use it. - API key handling: The skill requires SCNET_API_KEY. Prefer setting it as an environment variable rather than placing it in config/.env tracked by a repository; if you use a file, set file permissions (chmod 600) and avoid committing it to source control. - Provider verification: The skill's homepage in skill.yaml is a placeholder GitHub URL; the source/origin is 'unknown' in the registry metadata. Verify the Scnet service and the repository/maintainer before trusting the API or sending real documents. - Operational notes: The script respects rate limits and retries on 429. It prints OCR JSON to stdout; the script removes 'confidence' fields from results (harmless but notable). - Alternatives: If privacy is a priority, consider on-device OCR solutions or an OCR provider with an explicit enterprise privacy / data-retention policy. If you want more assurance, ask the author for the canonical repository/homepage, their privacy policy, or for an option to run a local/offline OCR model instead.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dwmbqq0fjv101tgp30dtxjn84y3sr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments