ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ucloud-deepseek-ocr

v1.0.0

OCR text recognition using DeepSeek-OCR model. Use when user asks for OCR, text recognition, image text extraction, screenshot recognition, or converting ima...

0· 623·3 current·5 all-time
by@qianjunye
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, required binaries (curl, jq, base64), and the single API key align with an OCR integration that sends base64 images to a remote model. However there are small mismatches: SKILL.md examples reference {baseDir}/scripts/ocr.sh while the repository provides script/ocr.sh (singular), and SKILL.md documents storing the key in ~/.openclaw/openclaw.json while the script actually sources ~/.openclaw-env. These inconsistencies may cause confusion or breakage.
!
Instruction Scope
The runtime script behaves as expected for OCR (base64-encodes local images and posts to the model API). But it unconditionally sources ~/.openclaw-env if present. Sourcing a user file can execute arbitrary shell commands and may load unrelated environment variables; that is broader scope than necessary for OCR and is a potential local-execution risk. The script also prints an instruction telling the user to 'source ~/.openclaw-env', reinforcing this dependency even though the SKILL.md suggests a different config location.
Install Mechanism
Instruction-only skill with no install spec; no external downloads or archive extraction. This is the lower-risk installation pattern.
Credentials
Only DEEPSEEK_OCR_API_KEY is declared as required (appropriate for a remote OCR API). However the script optionally reads DEEPSEEK_OCR_API_URL (mentioned in SKILL.md but not listed as required) and sources ~/.openclaw-env, which could contain many unrelated secrets. Sourcing a file increases the chance that unrelated credentials or commands are executed or used, so the effective environment access is broader than declared.
Persistence & Privilege
Skill does not request always:true and does not modify other skills or system settings. It runs as an on-demand script, so no elevated persistence is requested.
What to consider before installing
This script mostly does what the skill claims (encode an image and call a remote OCR model) but has a few red flags: 1) The SKILL.md path ({baseDir}/scripts/ocr.sh) does not match the provided file (script/ocr.sh) — verify the correct path before running. 2) The script sources ~/.openclaw-env if present; avoid running it if that file might contain untrusted commands or secrets. Consider opening that file to inspect its contents, or run the script in a controlled environment (container or sandbox). 3) Confirm you trust the API host (https://api.modelverse.cn by default) before providing DEEPSEEK_OCR_API_KEY. 4) If you want the key stored in ~/.openclaw/openclaw.json as documented, understand the script will not read that file unless you modify it. If you are not comfortable with these issues, request a corrected SKILL.md and/or a version of the script that reads a specified config file (without sourcing) or accepts the API key via an explicit argument or a securely-loaded env var.

Like a lobster shell, security has layers — review code before you run it.

latestvk970ghgva7p7smm71mnmx9ngqs820vfb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
Binscurl, jq, base64
EnvDEEPSEEK_OCR_API_KEY
Primary envDEEPSEEK_OCR_API_KEY

Comments