Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
China Doc Ocr
v1.1.0 · Intelligent document OCR recognition and structured extraction. Use when the user has a complex document, PDF, scanned image, photo, invoice, receipt, ID card, table, or chart that needs to be recognized a...
⭐ 0 · 636 · 4 current · 4 all-time
by @tobewin
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (document OCR and structured extraction) align with the declared requirements: curl + python3 and a SILICONFLOW_API_KEY to call api.siliconflow.cn. The external API key is necessary for the stated cloud OCR models (PaddleOCR, DeepSeek, Qwen).
Instruction Scope
Instructions tell the agent to read local files (images/PDFs), base64-encode them, and POST them to https://api.siliconflow.cn; this is expected for OCR. Note: the skill suggests storing the API key in ~/.openclaw/.env and uses OPENCLAW_WORKSPACE for output — both are reasonable but the instructions will transmit document contents (including sensitive data) to the third-party service.
Install Mechanism
No install spec or remote downloads; instruction-only skill that relies on existing curl/python3. Low install risk because nothing is written to disk by the skill itself beyond any files the user already provides.
Credentials
Only one credential is required (SILICONFLOW_API_KEY) and it is the primary credential used to call the documented API. The skill does not request unrelated credentials or config paths. It does recommend sharing the same key across related skills (china-image-gen, china-tts), which is a convenience but has security implications if you want isolation.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or modification of other skills. Autonomous invocation is allowed by default but is not combined with elevated privileges or unrelated credential access.
Assessment
This skill appears coherent for OCR: it will read files you provide, convert them to base64, and upload them to api.siliconflow.cn using SILICONFLOW_API_KEY. Before installing, consider: (1) Do you trust siliconflow.cn with sensitive documents (IDs, bank statements, contracts)? Uploaded content leaves your machine. Check their privacy/data-retention policy. (2) Prefer using a limited-scope or revocable API key and avoid reusing the same key across unrelated tools if you need isolation. (3) If you must keep data local, use a local OCR tool instead. (4) The skill suggests storing the key in ~/.openclaw/.env — ensure that file permissions are appropriate. If you want more assurance, request the skill's provenance (who published it, official homepage) before use.
Like a lobster shell, security has layers — review code before you run it.
latestvk971brxbbtv9dmd8f5ed2h34b583nqy6
Runtime requirements
📄 Clawdis
Bins: curl, python3
Env: SILICONFLOW_API_KEY
Primary env: SILICONFLOW_API_KEY
