easydoc-parse
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a coherent EasyDoc parsing integration, with the main caveats that selected documents and API keys are sent to EasyDoc services and endpoint overrides should be used carefully.
Before installing, confirm you trust the EasyDoc/EasyLink services and the publisher. Use the correct platform-specific API key, avoid untrusted --base-url overrides, and only upload documents you are allowed to send to an external parsing API.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a caller uses an unsafe endpoint override, documents and the API key could be sent somewhere other than the intended EasyDoc service.
The helper is designed to upload files with an API key and includes an endpoint override option. This is not shown as automatic or hidden, but it means users should avoid untrusted base URLs.
parser.add_argument("--base-url", default="", help="Optional base URL override for selected platform.") ... headers = {"api-key": api_key, "Content-Type": f"multipart/form-data; boundary={boundary}"}Use the default EasyDoc/EasyLink endpoints unless you explicitly trust the replacement endpoint, and confirm the file and platform before upload.
A key intended for one platform may be tried against the other platform if the expected platform-specific key is not set.
The script reads provider API keys from environment variables and may fall back to the other platform's key if the preferred key is missing.
if platform == "global":
for key in ("EASYDOC_API_KEY", "EASYLINK_API_KEY"):
...
else:
for key in ("EASYLINK_API_KEY", "EASYDOC_API_KEY"):Set the correct platform-specific key and pass --api-key explicitly when you want to avoid fallback behavior.
Users have less external provenance information for verifying the publisher or code history.
The registry metadata does not provide a source repository or homepage, which limits provenance review, although no remote installer or suspicious static-scan findings are shown.
Source: unknown Homepage: none No install spec — this is an instruction-only skill.
Review the bundled script before use and install only if you trust the publisher and the EasyDoc service endpoints.
Parsed document content may influence later summarization or retrieval tasks if used as a RAG corpus.
The skill explicitly handles parsed JSON as retrieval context and recommends scoped search rather than full-file loading, which is appropriate but still involves using document-derived content in the agent context.
If the parsed output is being used for RAG, do not load the entire JSON file into context by default. ... Read only local slices
Treat parsed document text as untrusted content, retrieve only the needed slices, and avoid loading sensitive full documents into context unless necessary.