Skill v1.1.0
ClawScan security
Crazyrouter Ocr · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 10, 2026, 1:07 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its declared OCR/image-analysis purpose, but the registry metadata omits the required CRAZYROUTER_API_KEY credential, and uploading images to an external API has privacy and exfiltration implications. Resolve these inconsistencies and risks before trusting the skill.
- Guidance: This skill's code and instructions do what its description says: it reads a local image file, base64-encodes it, and sends it to https://crazyrouter.com/v1 with your CRAZYROUTER_API_KEY. Before installing:
  1. Any image you provide is transmitted to an external service. Do not upload sensitive images unless you trust Crazyrouter's privacy and security practices.
  2. The registry metadata currently omits the required CRAZYROUTER_API_KEY; expect to provide that secret as an environment variable.
  3. Confirm that the CRAZYROUTER_BASE_URL default is correct and that you have not set it to an unexpected endpoint; an attacker or a misconfiguration could redirect uploads elsewhere.
  4. Prefer a scoped API key with minimal permissions, and test with non-sensitive images first.
  If you need stronger assurance, ask the publisher to correct the registry metadata to declare CRAZYROUTER_API_KEY as a required credential and to provide publisher/homepage details for vetting.
Review Dimensions
- Purpose & Capability
- note: The SKILL.md and scripts implement image-to-text and image analysis by uploading an image to Crazyrouter's inference API, which is coherent with the declared purpose. However, the registry metadata lists no required environment variables and no primary credential, while both SKILL.md and the scripts require CRAZYROUTER_API_KEY (and optionally read CRAZYROUTER_BASE_URL). That metadata omission is an inconsistency that should be fixed.
- Instruction Scope
- ok: The runtime instructions and script remain on-topic: they require an image file and an API key, and call the Crazyrouter chat/completions endpoint with a base64 data URL. The skill only reads the provided image file and environment variables; it does not attempt to read unrelated system files or credentials. Note: sending images to an external API transmits their contents off-host, which is expected for this capability but has privacy implications.
- Install Mechanism
- ok: No install spec is provided (instruction-only plus an included script). Nothing is downloaded or written by an installer. The included Node script is small and self-contained.
- Credentials
- concern: The code requires CRAZYROUTER_API_KEY (and honors CRAZYROUTER_BASE_URL) to operate, but the skill registry metadata incorrectly lists no required env vars and no primary credential. That mismatch is a material concern: users may not realize that a secret key is required or that images will be sent to an external service. Requiring only the service API key is otherwise proportionate for this capability.
- Persistence & Privilege
- ok: The skill does not request always:true, does not modify other skills or system-wide agent settings, and does not persist credentials itself. It runs only when invoked.
