ClawHub

Image Parser

v0.1.1

Parse text and coordinates from images with SoMark (character/word/line positions on original image). Ideal for OCR-first image understanding where location...

1· 172·0 current·0 all-time
by@soul-code
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill declares a single credential (SOMARK_API_KEY) and uses it to call SoMark's API (https://somark.tech/api/v1/extract/acc_sync) to extract text and bounding boxes. The required env var and network call match the stated purpose of parsing images via SoMark; there are no unrelated credentials or binaries requested.
Instruction Scope
SKILL.md instructs the agent to read the input file path, run the included Python script, and return structured outputs. The instructions limit data transfer to the SoMark API and local output files, explicitly warn against sending the API key in chat, and instruct treating parsed content as data only. There are no instructions to read unrelated system files, credentials, or to transmit data to unknown endpoints.
Install Mechanism
There is no install spec (instruction-only plus an included Python script), so nothing is downloaded or installed at install time. The script relies on standard Python stdlib (urllib, argparse, json, pathlib), which is appropriate and low-risk for this purpose.
Credentials
Only SOMARK_API_KEY is required and it is the declared primary credential. The SKILL.md and script prefer reading the key from the environment and warn against passing it on the command line. No other secrets, config paths, or unrelated environment variables are requested.
Persistence & Privilege
The skill does not request always: true or any elevated persistence. It writes outputs to a user-specified output directory and does not modify other skills or system-wide configuration. Autonomous invocation is allowed by default (platform behavior) but not combined with any other high-risk privileges.
Assessment
This skill appears coherent: it uses your SOMARK_API_KEY to call SoMark's API and returns parsed text+bounding boxes. Before installing, confirm you trust somark.tech as a third-party processor (you'll be uploading images to their API), do not paste the API key into chat, set SOMARK_API_KEY in your environment (not via CLI flags), and avoid sending highly sensitive documents unless you accept the privacy implications. Because the skill includes a Python script, you can review or run it locally to verify behavior; the script only posts files to somark.tech and writes local JSON/markdown outputs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ar9z2vdqdtmqwj0rs7dtjr1849gm5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧭 Clawdis
EnvSOMARK_API_KEY
Primary envSOMARK_API_KEY

Comments