ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tesseract Ocr

v1.0.0

Extract text from images using the Tesseract OCR engine directly via command line. Supports multiple languages including Chinese, English, and more. Use this...

1· 3.2k·38 current·42 all-time
byWhaleFall@whalefell
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name, description, and SKILL.md all describe using the tesseract command-line OCR tool and multi-language packs — that's coherent. However, the skill metadata lists no required binaries while the instructions clearly depend on the tesseract CLI and language packs; the omission is an inconsistency (the skill will fail unless tesseract is present).
Instruction Scope
The runtime instructions stay on-topic: they only show how to install Tesseract via apt/brew and how to run the tesseract CLI against image files. They do not instruct reading unrelated files, accessing environment variables, or contacting external endpoints beyond package managers.
Install Mechanism
This is an instruction-only skill with no install spec or code files (low disk/write risk). The SKILL.md suggests running system package manager commands (sudo apt-get / brew), which is normal for installing system packages but requires administrative privileges when executed; there is no automated installer specified in the metadata.
Credentials
The skill requests no environment variables, credentials, or config paths. That is appropriate for a local CLI helper that uses the system tesseract binary and language packs.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent installation or modify other skills. There is no indication it would persist beyond normal usage.
Scan Findings in Context
[regex.scan.none] expected: No regex-based findings — expected because this is an instruction-only skill with no code files for the scanner to analyze.
What to consider before installing
This skill is small and conceptually simple: it tells the agent how to call the tesseract CLI to OCR images. Before installing or using it, verify these points: (1) ensure tesseract and any language packs you need are actually installed on your machine (the skill metadata does not declare the required binary); (2) installing via apt-get will require sudo/admin rights — only run those commands if you trust the source; (3) the skill runs commands on local files, so avoid passing sensitive images you don't want processed locally; (4) ask the publisher to update metadata to declare the tesseract binary requirement (and any language pack requirements) so the skill's declared requirements match its runtime instructions. If you want extra safety, run first in a controlled environment or confirm the agent's command execution behavior before giving it access to your files.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a7awm42jers4m818c01htx181cm03

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments