Skill v0.1.4

ClawScan security

opencr-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 12, 2026, 1:35 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requirements and instructions are coherent with an OCR/document-parsing purpose, but it relies on executing Python code and auto-downloading models, both of which carry operational risks you should consider before installing.
Guidance
This skill appears to do what it says (OCR/document parsing). Before installing or letting an agent execute it:
1) Review the OpenOCR source (the SKILL.md points to a GitHub repo) to ensure you trust the code and model download sources.
2) Be aware that the examples imply running Python, installing dependencies (onnx/torch, etc.), and auto-downloading large model files; run in a sandbox or virtualenv and prefer explicit, verified installs.
3) Consider disabling auto_download and manually fetching and verifying model files (checksums) from trusted releases.
4) Avoid sending highly sensitive images/documents to unknown network endpoints; confirm whether processing is local or uses remote APIs.
5) Expect significant CPU/GPU and disk usage for model downloads and inference.

If you want a lower-risk install, ask the skill author for a vetted pip package name, signed releases, and explicit model download URLs with checksums.

Review Dimensions

Purpose & Capability
ok
The name, description, and SKILL.md all describe OCR, text detection/recognition, and document parsing using the OpenOCR project. There are no unrelated requested credentials, binaries, or config paths.
Instruction Scope
note
SKILL.md contains detailed Python usage examples and configuration options and instructs use of OpenOCR features (det/rec/ocr/unirec/doc). It also declares tools like code_execution and file_operations; the agent will be expected to run Python, read/write files, and possibly auto-download model files. The instructions do not ask for unrelated system secrets or unrelated file paths, but they do allow broad actions (installing/using libraries, downloading models, executing code) which are expected for an OCR skill but increase operational exposure.
Install Mechanism
note
There is no explicit install spec (instruction-only), which is lower risk for supply-chain installs. However the SKILL.md implies installing/using a Python package (openocr) and enables auto_download of potentially large models. Those downloads and any extraction/execution are not governed by a provided install spec or checksum verification, so network/model-fetch behavior should be reviewed before allowing execution.
Credentials
ok
The skill requests no environment variables, credentials, or config paths. The settings shown (use_gpu, backend selection, model paths) are proportionate to OCR/modeling tasks and do not request unrelated secrets.
Persistence & Privilege
ok
The skill is not always-enabled and does not request elevated platform privileges. Autonomous invocation is permitted by default (normal). The skill does not declare modifications to other skills or system-wide settings.