ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ocr Benchmark

v2.0.0

Multi-model OCR benchmark and comparison tool. Run OCR on images using Claude (Opus/Sonnet/Haiku via Bedrock), Gemini (Pro/Flash via Google AI Studio), and P...

0· 196·0 current·0 all-time
by@yingfengli
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description (multi-model OCR benchmark) match the included code and instructions: it calls Bedrock (Claude), Google Gemini, and an optional PaddleOCR endpoint. However, the registry metadata claims no required environment variables or credentials while the SKILL.md and scripts clearly require AWS credentials (for Bedrock), GOOGLE_API_KEY (for Gemini), and optionally a PADDLEOCR_ENDPOINT/TOKEN. The functional requirements are coherent with the stated purpose, but the published metadata is inaccurate/omitted.
Instruction Scope
SKILL.md and scripts instruct the agent/user to install Python deps, point to local image files and a ground-truth JSON, and call external model endpoints. The runtime behavior is scoped to reading provided image files and ground-truth JSON, calling model provider APIs, saving per-image JSON results, scoring, and generating PPTX reports. There are no instructions to read unrelated system files or to exfiltrate arbitrary data beyond the model providers/PaddleOCR endpoint, but images and extracted text are sent to external services (expected for OCR).
Install Mechanism
There is no packaged installer; the SKILL.md instructs pip install -r requirements.txt. requirements.txt contains common packages (boto3, google-genai, python-pptx, requests) that match the providers and reporting functionality. No downloads from arbitrary URLs or archive extraction are present in the repo. Review requirements.txt before installing into any environment.
Credentials
The environment variables used by the code (AWS credentials via normal boto3 mechanisms, AWS_REGION, GOOGLE_API_KEY, optional PADDLEOCR_ENDPOINT/PADDLEOCR_TOKEN) are proportionate to the skill's purpose (calling Bedrock, Google AI Studio, or an external PaddleOCR API). The concern is that the registry metadata lists no required env vars/credentials — that mismatch could confuse users about what secrets they must provide and trust. Bedrock usage requires AWS credentials with bedrock-runtime permissions; you should use least-privilege IAM keys and avoid sharing broad credentials.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide agent settings, and is instruction-driven. It runs on-demand and writes results/reports to the specified output directory only. No elevated persistence or autonomous privilege beyond normal skill invocation is requested.
What to consider before installing
This skill appears to be a legitimate OCR benchmarking tool, but note the following before installing and running: (1) The package metadata omits required env vars — you will need AWS credentials (for Bedrock) and GOOGLE_API_KEY for Gemini, and optionally a PADDLEOCR_ENDPOINT/TOKEN; verify and provide only least-privilege credentials. (2) Running the tool will upload image bytes and extracted text to external services (Anthropic/Bedrock, Google AI Studio, or whatever URL you provide for PaddleOCR). Do not use sensitive/private images unless you trust the destination. (3) Inspect requirements.txt and the two scripts locally before pip installing; consider running in an isolated virtualenv or container. (4) If you don’t want to provide credentials for a provider, use the --auto-skip flag or run only specific models. (5) The metadata in the registry is inconsistent — if you need a fully audited skill record, ask the publisher to correct required-env and README metadata. If you want me to, I can point out the exact lines in the code that send data to each external endpoint and summarize the permissions each provider needs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c5bksf77mt4q0kpwbkqf5ex82y7gd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments