Skill v2.2.0

ClawScan security

pdf-ocr · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 10, 2026, 2:19 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and documentation broadly match an OCR tool, but there are important inconsistencies and runtime behaviors you should notice before installing (auto-installing pip packages at runtime, an external cloud endpoint that will receive full images, and missing declared environment requirements).
Guidance
This skill appears to implement the advertised OCR functionality, but review these before installing:
- The registry metadata omits required env vars but SKILL.md/.env expect SILICON_FLOW_API_KEY for the cloud engine — treat the cloud engine as requiring a secret key.
- The code will auto-install Python packages with pip at runtime (subprocess pip install). That can change your environment and pull code from PyPI; prefer installing dependencies yourself in a virtualenv or review required packages and versions first.
- If you enable the cloud engine, the skill uploads full images (base64) to https://api.siliconflow.cn — do not use the cloud engine for sensitive documents unless you trust the service and the API key handling. Consider running RapidOCR (local) only for private data.
- Verify the vendor/source (homepage is missing and source is 'unknown'). If you need to trust this skill long-term, obtain it from a known repository or author, inspect the full code (including the truncated parts) and test in a sandbox environment.

If you want to proceed safely: run the skill in an isolated environment (virtualenv/container), manually install and pin dependencies from requirements.txt, avoid configuring the cloud API key unless necessary, and audit network calls/logging to ensure no unexpected endpoints receive your data.

Review Dimensions

Purpose & Capability
concern: Name/description, SKILL.md and the included Python code are coherent: they implement a PDF/image OCR processor with a local engine (RapidOCR) and an optional cloud engine (SiliconFlow). However the registry metadata declares no required environment variables or credentials while the SKILL.md and code clearly expect an optional SILICON_FLOW_API_KEY for the cloud engine — this metadata omission is an inconsistency that reduces transparency.
Instruction Scope
note: SKILL.md and examples stick to OCR tasks (convert PDF→images, run OCR, save text). They instruct providing an API key when using the cloud engine. They do not instruct reading unrelated system files. One area to note: the skill will send full image data (base64) to the external siliconflow API when that engine is used — this is expected for cloud OCR but is sensitive (images may contain private data) and the docs do not strongly call out privacy/exfiltration implications.
Install Mechanism
concern: There is no install spec in the registry (instruction-only), but the runtime code will attempt to auto-install missing Python packages by invoking pip via subprocess at runtime. Auto-installing packages during execution can modify the runtime environment and pull arbitrary code from PyPI — this increases risk compared with a purely instruction-only skill that requires manual dependency installation.
Credentials
concern: The skill only needs one service credential in practice (SILICON_FLOW_API_KEY) for the optional cloud engine, which is proportionate. However the registry declared no required env vars while the SKILL.md and .env.example explicitly document SILICON_FLOW_API_KEY and OCR_ENGINE. The lack of declared credentials in metadata reduces transparency. Also sending base64 image data to api.siliconflow.cn is a sensitive operation that you should only enable if you trust that service and key usage.
Persistence & Privilege
ok: Skill flags are default: not always-on, user-invocable, and allows autonomous invocation (platform default). The package does not request elevated system privileges or attempt to modify other skills or global agent settings in the provided files.