ClawHub

Image Ocr

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a straightforward OCR helper that uses a SiliconFlow API key and sends selected images/prompts to SiliconFlow, with no clear malicious behavior in the artifacts.

This skill looks safe to install if you intend to use SiliconFlow OCR. Before using it, confirm you trust the configured API endpoint, protect the SiliconFlow API key, and avoid submitting highly sensitive images unless you are comfortable with them being processed by the provider.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#
ASI02: Tool Misuse and Exploitation
Low
What this means

If an untrusted or mistaken base URL is used, the API key and OCR request could be sent to the wrong server.

Why it was flagged

The helper normally targets SiliconFlow, but it allows the API endpoint to be overridden while still sending the bearer token to that endpoint.

Skill content
ap.add_argument("--base-url", default="https://api.siliconflow.cn/v1") ... url = args.base_url.rstrip("/") + "/chat/completions" ... "Authorization": f"Bearer {key}"
Recommendation

Use the default SiliconFlow endpoint unless you intentionally trust a proxy or alternate endpoint, and do not let untrusted text decide the base URL.

#
ASI03: Identity and Privilege Abuse
Low
What this means

Installing and using the skill gives it access to the configured SiliconFlow account for OCR calls.

Why it was flagged

The skill uses a SiliconFlow API key from the environment or a local secrets file to authenticate requests.

Skill content
key = os.getenv("SILICONFLOW_API_KEY", "").strip() ... key_file = os.path.expanduser("~/.openclaw/secrets/siliconflow_api_key") ... "Authorization": f"Bearer {key}"
Recommendation

Store the API key securely, use a least-privileged key if available, and revoke or rotate it if you no longer use the skill.

#
ASI07: Insecure Inter-Agent Communication
Low
What this means

Screenshots, receipts, forms, or other selected images may leave the local device and be processed by the external OCR provider.

Why it was flagged

When a local image path is provided, the script encodes the image and sends it in the API request to the configured OCR provider.

Skill content
content.append({"type": "image_url", "image_url": {"url": to_data_uri(args.image_path)}}) ... with urllib.request.urlopen(req, timeout=90) as resp:
Recommendation

Only submit images you are comfortable sending to SiliconFlow or a trusted configured endpoint, especially if they contain IDs, financial data, or private documents.