Skill v0.1.6
ClawScan security
openocr-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 12, 2026, 1:51 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requests and instructions are consistent with an OCR/document-parsing helper — it expects to run local OCR code and download models, but it provides no installer or explicit network/model sources so verify environment and model origins before use.
- Guidance: This skill appears to do what it claims (local OCR and document parsing). Before installing/using it: (1) confirm you have a Python environment and the required ML runtimes (ONNX/Torch) or be prepared to install them; (2) expect the skill to auto-download model weights — check the OpenOCR project's GitHub and verify the model download URLs and integrity or supply model files yourself to avoid unexpected network fetches; (3) be aware the agent will need permission to read the image/PDF files you give it and to write cache/model files to disk; and (4) if you need higher assurance, ask the publisher for an explicit install spec and the exact model-hosting URLs (or use only local model paths).
Review Dimensions
- Purpose & Capability (ok): The name/description (OpenOCR OCR, document parsing, VLM recognition) matches the instructions: code examples show initializing OpenOCR for detection/recognition/doc parsing and working with image/pdf paths. There are no unrelated credentials, binaries, or config paths requested.
- Instruction Scope (note): SKILL.md contains only OCR-related instructions and Python examples. It repeatedly relies on passing image/PDF file paths and on auto-downloading models; it does not instruct accessing unrelated system files or secrets. However, the instructions assume ability to run Python code, read/write files, and fetch model binaries from the network.
- Install Mechanism (note): This is an instruction-only skill with no install spec. The skill examples expect a Python package ('openocr') and optional ONNX/Torch backends and include 'auto_download' of models. Because no install/source-of-models is declared, model and dependency downloads would be performed dynamically by the runtime — verify where those downloads come from and that you trust the source.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths. It only needs file access to user-provided images/PDFs and network access to fetch models (if auto_download is used), which is proportional to OCR functionality.
- Persistence & Privilege (ok): The skill does not ask to be always-enabled, does not declare persistence or modify other skills, and requires no long-lived credentials. It does instruct writing/reading model and cache files locally, which is typical for model-based tools.
