Mistral PDF OCR

Pass. Audited by ClawScan on May 1, 2026.

Overview

This skill is a coherent Mistral OCR integration, but users should know it sends selected documents to Mistral, uses a Mistral API key, and writes full OCR outputs locally.

Before installing, confirm you are comfortable sending the chosen PDFs or images to Mistral, keep your Mistral API key secure, and store or delete the generated OCR output files according to the sensitivity of the documents.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private or sensitive PDFs/images may be uploaded to Mistral for processing.

Why it was flagged

Local documents are intentionally sent to the external Mistral API for OCR. This is central to the skill, but users should understand that document contents leave the local environment.

Skill content

If the PDF is local and not publicly accessible, upload it (the script does this automatically).

Recommendation

Use this only for documents you are allowed to send to Mistral, consider page selection for large or sensitive files, and review Mistral retention/privacy terms.

What this means

Anyone running the skill needs a valid Mistral API key, and OCR requests may be billed to that account.

Why it was flagged

The script uses a Mistral API key from the environment. This is expected for the Mistral OCR service, but it grants access to the user's Mistral account and may incur usage costs.

Skill content

api_key = os.getenv("MISTRAL_API_KEY")

Recommendation

Store the API key securely, use the least-privileged key available, and avoid exposing environment variables in logs or shared shells.

What this means

The agent can run the OCR Python script and create output files in the chosen directory.

Why it was flagged

The skill permits running Python commands and writing output files. This is proportionate for a bundled OCR script, but it is still local command execution.

Skill content

allowed-tools: "Read,Write,Bash(python:*)"

Recommendation

Run it only on intended input files and direct outputs to a safe, expected folder.

What this means

A future SDK version could behave differently from the version the skill author tested.

Why it was flagged

The skill depends on the external mistralai package using a lower-bound version rather than an exact pinned version. This is common for SDK integrations but can change behavior as new package versions are installed.

Skill content

mistralai>=1.0.0

Recommendation

Install dependencies from trusted package sources and consider pinning a known-good mistralai version in controlled environments.

What this means

OCR outputs may create persistent local copies of sensitive document content.

Why it was flagged

The skill stores the full OCR response locally, which may include extracted text, tables, annotations, and image data from the source document.

Skill content

raw_response.json (full OCR response)

Recommendation

Store the output directory securely and delete OCR artifacts when they are no longer needed.