Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
BaiduOCR-LocalFallback
v1.1.0
Provides 115+ Baidu OCR APIs with automatic EasyOCR local fallback, image preprocessing, token caching, and auto-retry for stable text recognition.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence
Purpose & Capability
The skill's declared purpose (Baidu OCR + EasyOCR fallback) matches the code and documentation: it needs Baidu API Key/Secret and installs EasyOCR. However, the registry metadata at the top of the report said 'Required env vars: none' and 'Primary credential: none', while package.json and SKILL.md/package scripts clearly require/configure Baidu api_key and secret_key. This metadata mismatch is an incoherence that should be resolved before trusting the skill.
Instruction Scope
SKILL.md and install.sh limit actions to installing Python deps, creating a per-skill config directory under ~/.openclaw, prompting for/storing Baidu keys, and testing the Baidu token endpoint. The instructions do not ask the agent to read unrelated system files or exfiltrate arbitrary data. They do, however, provide examples that will send image data (including Base64) to Baidu's endpoints — which is expected but a privacy risk for sensitive images.
Install Mechanism
No formal install spec in the registry, but SKILL.md documents a one‑click install that fetches an install.sh from raw.githubusercontent.com and pipes it to bash. raw.githubusercontent.com is a common host, but piping remote scripts into a shell is higher risk than a manual review/install. The included install.sh itself uses pip to install mainstream Python packages (requests, easyocr, Pillow) and writes config files under the user's home — behavior consistent with the stated purpose, but it still requires trusting the remote script or inspecting it first.
Credentials
The skill legitimately requires Baidu API Key and Secret for remote OCR; these are requested in SKILL.md, configured in ~/.openclaw/skills/BaiduOCR-LocalFallback/config.json, and declared as required in package.json.openclaw.config. However, the registry metadata claimed no required env vars/credentials — a direct inconsistency. No unrelated credentials are requested, and the script advises chmod 600 for stored credentials, but storing secrets in a file is still sensitive and the skill offers environment variable configuration (recommended).
Persistence & Privilege
The skill does not request 'always: true' or system-wide changes. Its installation writes files under the invoking user's home (~/.openclaw/skills/BaiduOCR-LocalFallback) and installs Python packages into the environment — typical for a user-level tool. It does not attempt to alter other skills' configs or escalate privileges.
What to consider before installing
Before installing:
1) Note the metadata mismatch — the registry claims no credentials but the skill requires Baidu API Key and Secret (package.json and SKILL.md do require them).
2) Review the repository content (especially scripts/ocr.py and any network calls) before running the one‑click install; piping a remote script into bash (curl | bash) is convenient but risky.
3) Prefer using environment variables over storing keys in ~/.openclaw/.../config.json; if you store the file, keep permissions restrictive (chmod 600) and consider using a dedicated service account with minimal privileges.
4) Understand privacy: images (and their text) may be sent to Baidu's servers; avoid sending highly sensitive images.
5) Expect EasyOCR to download ~100MB of model data and pip to install dependencies.
If you are uncomfortable with remote execution or storing secrets in a file, inspect and run the install script manually or run the project in an isolated environment (container or VM).
Like a lobster shell, security has layers — review code before you run it.
latest: vk974gr15qvmtgpy0wxa73g8ak983neqz
