Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GT Simon Deepseek Ocr

v1.0.1

Extract and return text content from images, screenshots, or scanned documents using DeepSeek OCR.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The skill claims to perform OCR. The bundled Node script (Scripts/index.js) implements a client that posts an image path to a DeepSeek OCR service, which aligns with the stated purpose only if such a service exists locally. However the runtime entry in skill.yaml points to handler.py, whose run() returns a static message and does no OCR. The SKILL.md usage name ('deepseek-ocr') and package.json bin name differ from each other and from the manifest entry, indicating poor/incorrect wiring between claimed capability and actual executable code.
! Instruction Scope
The Node script resolves the absolute path of the provided image and sends that path in JSON to the OCR service. If the OCR host is overridden to a remote server, this leaks absolute filesystem paths (and confirms file existence). The SKILL.md does not mention that the OCR service must be local or that environment overrides exist. The handler that the runtime will actually call doesn't use the Node script, so the agent-invoked behavior is inconsistent with the included instructions.
Install Mechanism
No install script or remote downloads are present; this is an instruction/code-only package. There are no external install URLs or archive extraction steps to flag.
! Credentials
The Node script reads DEEPSEEK_OCR_HOST and DEEPSEEK_OCR_PORT to override the OCR service address, but the skill declares no required env vars. Those environment options are not documented in SKILL.md or skill.yaml. Allowing the host to be set to an arbitrary network endpoint can enable exfiltration of file paths to remote servers, which is disproportionate to the stated simple OCR purpose unless explicitly documented and restricted to localhost.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide config changes or extra privileges. It does not persist state or modify other skills.
What to consider before installing
This skill is inconsistent and potentially risky. Before installing or enabling it:
(1) Ask the author why skill.yaml points to handler.py (which returns a static message) instead of the included Node CLI;
(2) Confirm whether the OCR service is intended to be local only — if not, the Node script can leak absolute file paths to any host set via DEEPSEEK_OCR_HOST;
(3) Request that environment variables (DEEPSEEK_OCR_HOST/DEEPSEEK_OCR_PORT) be declared in the manifest and documented in SKILL.md, and that the code be changed to send file contents rather than raw filesystem paths if remote OCR is supported;
(4) Prefer a version where the runtime entry actually performs OCR or remove confusing unused files.
If you cannot get these clarifications, treat the skill as untrustworthy and avoid running its CLI or allowing it to access sensitive images.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Scripts/index.js:37: Environment variable access combined with network send.
