Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Visible Text Extractor
v1.2.0
Extract and reconstruct as much visible text as possible from webpage URLs, article pages, screenshots, long images, image directories, and GIFs. Use when th...
⭐ 0· 114·0 current·0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to extract visible text from pages/images and the included scripts implement that. However the package metadata lists no required binaries or credentials while scripts clearly call node, ffmpeg, and an external/local OCR stack (paths like /root/.openclaw/.../ocr-local/scripts/ocr.js and /root/.openclaw/venvs/ocrstack/bin/python). The absence of declared runtime requirements is an incoherence: a consumer would legitimately need those dependencies to run the skill.
Instruction Scope
SKILL.md and USAGE.md instruct the agent to download pages/images, render pages via a browser fallback, extract GIF frames, run OCR, and produce docx/JSON/markdown. That scope matches the stated purpose. Some scripts also reference other local skill scripts (feishu sender, ocr-local) and absolute workspace paths and will download arbitrary image URLs discovered in pages — expected for this task but worth noting because it increases the runtime network surface (and may access internal-only URLs if present).
Install Mechanism
There is no install spec (instruction-only with bundled scripts) so nothing is fetched at install time. Runtime, however, depends on external binaries and other skill scripts (node, ffmpeg, local OCR scripts). The lack of an explicit install section or dependency declaration is the main issue, not the install mechanism itself.
Credentials
The skill declares no required env vars/credentials, but several scripts can invoke a Feishu file-sender script and will send a generated docx if a user-supplied --send-feishu-receive-id is passed. The code will also invoke external local tools under absolute paths. Requiring no credentials is coherent for read-only extraction, but the optional remote-send behavior and implicit dependencies on other local skill code are not documented in metadata and increase the risk of unintended data sharing or failure due to missing components.
Persistence & Privilege
always is false and the skill does not request permanent inclusion or modify other skills' configs. It writes temporary files and output artifacts in specified output paths, which is expected for this workflow.
What to consider before installing
This skill appears to do what it says, but before running it you should: (1) confirm required runtime tools exist (node, ffmpeg, Python, the local OCR stack referenced at /root/.openclaw/.../ocr-local and any virtualenv); the package metadata currently does not declare these dependencies, so expect runtime errors otherwise; (2) be aware it downloads arbitrary images/frames referenced by pages and writes temp files — if pages contain internal URLs this could cause server-side requests to your internal network (SSRF-like behavior); (3) the scripts optionally send the produced docx to Feishu when a receive-id is supplied — do not provide a receive-id unless you trust the destination; (4) review or supply trusted implementations for the referenced external scripts (ocr.js, feishu_file_sender.py) since the skill delegates OCR and delivery to them; (5) run the skill in an isolated environment (or sandbox) if you plan to process sensitive pages. If the publisher updates the package metadata to list required binaries and external script dependencies explicitly (and documents the optional Feishu delivery clearly), and if you verify the referenced local scripts are trusted, this assessment could be upgraded to benign.
Like a lobster shell, security has layers — review code before you run it.
