Skill v1.3.0
ClawScan security
Pdf Ocr Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 26, 2026, 5:49 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, install steps, and runtime instructions are consistent with an OCR-to-Markdown tool that uses a local Ollama GLM-OCR service; nothing requested is disproportionate to the stated purpose.
- Guidance: This skill appears to do what it says: convert PDFs/images to Markdown by calling an Ollama GLM-OCR model. Before installing, review and accept these points: (1) The tool sends images and prompts to the configured Ollama host (default localhost). Do not point OLLAMA_HOST to an untrusted remote endpoint if your documents contain sensitive data. (2) Install scripts pull pyproject/uv.lock from the skill's GitHub raw URL if local copies are missing; only proceed if you trust the upstream repository. (3) The skill requires pdftoppm (poppler) to convert PDFs; if missing it will still run for images only. (4) If you need stronger assurance, inspect utils/ollama_client.py to confirm network behavior and where data is posted, and run the post-install hooks manually rather than blindly executing remote install scripts.
Review Dimensions
- Purpose & Capability: ok. Name/description (PDF/image → Markdown using Ollama GLM-OCR) aligns with required binaries (ollama, pdftoppm) and the included code (OCR, page splitting, prompts). uv is used for dependency management and appears justified by the install instructions.
- Instruction Scope: note. SKILL.md and the code limit actions to converting PDFs/images, splitting regions, invoking an Ollama service, and writing Markdown/images. However, the tool transmits image data and prompts to an Ollama host you configure (defaults to localhost). If you set the host to a remote service, document contents (possibly sensitive) will be sent over the network; this is expected for an OCR integration but worth noting.
- Install Mechanism: ok. Install uses uv (local Python package manager) and shell hooks that copy pyproject/uv.lock from the local tree or raw.githubusercontent.com. The scripts do not fetch arbitrary binaries from untrusted personal servers; they reference GitHub raw and instruct the user to run official install scripts for Ollama/uv. This is typical and proportionate to the task.
- Credentials: ok. The skill declares no required credentials or secret env vars. It supports OLLAMA_HOST/OLLAMA_PORT/OCR_MODEL configuration (optional), which is appropriate for selecting the target Ollama service and model. There are no unrelated credentials or config paths requested.
- Persistence & Privilege: ok. Skill does not request always: true and does not modify other skills or global agent settings. Install hooks operate within the skill directory and virtualenv; no elevated persistent privileges were requested.
