Back to skill
Skillv1.0.0
ClawScan security
Image Ocr · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 11, 2026, 8:52 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only wrapper that instructs use of the tesseract OCR binary; its requirements and install method are consistent with that purpose, though there are small usability/traceability gaps.
- Guidance
- This skill is mostly coherent for doing OCR with tesseract. Before installing: (1) confirm your system uses dnf or install tesseract by another trusted method; (2) note the SKILL.md examples reference an image-ocr wrapper that is not included — the agent will need to invoke tesseract directly or you must provide a wrapper script; (3) if you need languages other than English, install the appropriate Tesseract language packs; (4) the skill source/homepage is unknown — if provenance matters, prefer a skill or package with a verifiable upstream. There are no credential or secret requests in this skill, so the security risk is low, but exercise normal caution when giving the agent filesystem access to images you consider sensitive.
Review Dimensions
- Purpose & Capability
- noteThe name/description claim OCR via Tesseract and the declared requirement (tesseract binary) and dnf install are appropriate. Minor inconsistency: SKILL.md examples show an image-ocr CLI wrapper (image-ocr "file") that is not supplied in the package (no code files), so the agent or user would need to call tesseract directly or provide that wrapper. The skill source/homepage is unknown which reduces traceability.
- Instruction Scope
- okSKILL.md stays on topic: install tesseract and run OCR on image files. It does not request unrelated files, environment variables, or external endpoints. One omission: it notes multilingual support but doesn't mention installing language data packs that Tesseract may require.
- Install Mechanism
- okInstall uses the system package manager (dnf) to install the well-known tesseract package — a low-risk, standard approach. Note: no alternative install paths are provided for systems without dnf (e.g., apt/homebrew).
- Credentials
- okNo environment variables, credentials, or config paths are requested — appropriate and proportionate for an OCR-only skill.
- Persistence & Privilege
- okalways is false and the skill does not request persistent system-wide changes or access to other skills' configs. No elevated privileges are requested by the skill metadata.