Screenshot Ocr
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward local OCR helper, but users should be aware it reads clipboard/images and can copy or save recognized text, including sensitive verification codes.
This skill is reasonable for local OCR. Before installing, use trusted sources for Tesseract and Python packages, be careful with screenshots containing verification codes or secrets, and remember that --copy and --save can leave recognized sensitive text in your clipboard or files.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you OCR a login code, CAPTCHA, password screenshot, or other sensitive image, the recognized text may be exposed locally or saved where other apps or users can read it.
The skill advertises extracting verification codes and can copy or save OCR results, so user-supplied screenshots may produce authentication-sensitive text in the console, clipboard, or files.
适合提取图片内容、表格数据、验证码 ... 一键复制到剪贴板 ... 保存为 TXT 文件
Use it only on images you intend to process, avoid saving sensitive codes unless necessary, and delete output files that contain private information.
Installing dependencies from untrusted or compromised package sources could affect the local environment.
The setup instructions require installing third-party Python packages without version pinning. This is common and purpose-aligned for OCR, but it means users rely on external package provenance.
pip install pytesseract pillow
Install dependencies from trusted package managers, consider using a virtual environment, and pin versions if you need reproducible installs.
Running the script can read the current clipboard image and create or overwrite a local temporary file used for OCR.
The script invokes local clipboard utilities through subprocesses, including a shell redirection to a temporary file. This is expected for clipboard OCR, and no user-controlled shell string is shown.
subprocess.run(["pbpaste", ">", "/tmp/clipboard.png"], shell=True, capture_output=True)
Run it in a trusted local environment and clear sensitive clipboard contents before use if you do not want them processed.