Skill v1.0.0
ClawScan security
Ocr Local Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 1:43 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This skill appears to do what it says (local OCR with Tesseract.js), and its requirements and instructions are proportionate, with one note: the initial language model download requires network access.
- Guidance: This skill is internally consistent and appears safe for local OCR use. Before installing, note: (1) Node and tesseract.js are required; run npm install or let your package manager install tesseract.js. (2) The first run will typically download Tesseract language data (~20MB per language) from the network unless you pre-cache the traineddata files; if you need fully offline use, pre-provision those files. (3) The skill documents and enforces guardrails: do not OCR remote URLs via the skill and do not transmit OCR output to external endpoints, since outputs may contain secrets. (4) If you have strong security requirements, inspect the tesseract.js dependency source and the traineddata download host(s) to confirm they meet your policies. Otherwise this skill is coherent with its stated purpose.
Review Dimensions
- Purpose & Capability (note): Name/description, package.json, SKILL.md, and scripts/ocr.js all align: the skill uses Node + tesseract.js to OCR local image files and supports Chinese and English. One caveat: although marketed as "100% local", SKILL.md and typical Tesseract.js behavior indicate that language traineddata (~20MB per language) is downloaded on first run, so an initial network download is expected unless the traineddata files are pre-cached. This is documented behavior rather than an inconsistency, but users expecting a fully offline install should be aware of it.
- Instruction Scope (ok): The runtime instructions and the script operate only on a user-specified local image path, accept language and --json flags, and write text or JSON to stdout. SKILL.md explicitly forbids fetching remote images and network exfiltration, and the code performs no network calls and does not read unrelated files or environment variables.
- Install Mechanism (ok): There is no risky download/install spec in the registry metadata; the dependency is standard (tesseract.js via npm) and package.json declares it. Nothing is pulled from obscure URLs or extracted from archives by the skill itself.
- Credentials (ok): The skill requests no environment variables or credentials and declares no config paths. The scope of access (reading a user-specified local image file) is proportional to the stated purpose.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request elevated or persistent privileges. It does not attempt to modify other skills or system-wide configuration.
