Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
vision ocr
v1.1.2 · Recognizes images and PDF documents by calling the OCR and multimodal services you have already configured, outputs the result as Markdown, and can optionally send it to Feishu. Suited to screenshots, scanned documents, tables, receipts and technical documents.
⭐ 0 · 391 · 1 current · 2 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Benign (high confidence)

Purpose & Capability
The skill's name/description (OCR + PDF → Markdown, optional Feishu send) matches the included code and config (index.js, pdf-helper.py, config.example.json). Skill.json correctly lists Node/Python and VISION_* envs needed for OCR/multimodal services. Minor inconsistency: the top-level Registry metadata reported no required binaries/envs, while the packaged skill declares node/python and VISION_* envs — likely a metadata omission but worth noting.
Instruction Scope
SKILL.md and code limit actions to OCR, PDF → images conversion, optional multimodal model calls, and optional Feishu file sending. Reading of OpenClaw session info (OPENCLAW_* env or ~/.openclaw/runtime.json) and remote-attachment downloading are gated behind explicit CLI flags or env toggles (VISION_RESOLVE_OPENCLAW_SESSION, VISION_ALLOW_REMOTE_INPUT, --resolve-openclaw-session, --allow-remote-input). The skill inspects common message fields to locate local file paths or download URLs; this is appropriate for its stated purpose but does mean it can read any path provided in message context.
Install Mechanism
No network download/install step embedded in the package; it's an instruction/code-only skill. Dependencies (PyMuPDF / Python / Node.js) are standard and expected for PDF → image conversion and runtime. No suspicious remote download URLs or extract steps found in packaging.
Credentials
Required environment variables (VISION_IMAGEOCR_*, VISION_MULTIMODAL_*, VISION_AUTO_SEND_TO_FEISHU, etc.) are proportional to OCR/multimodal and Feishu features. Caveat: update-config.js can write VISION_* values into a local config.json in the skill directory — this will persist tokens on disk. Reading OPENCLAW_* env and ~/.openclaw/runtime.json only occurs when explicit session-resolve flags are enabled; that behavior is documented but should be treated as sensitive since it can expose session identifiers.
Persistence & Privilege
The skill is not force-included (always: false) and does not attempt to modify global OpenClaw config; update-config.js only writes a local config.json in the skill directory. It does spawn a Python helper (pdf-helper.py) via exec semantics, which is expected for PDF processing.
Assessment
This package appears coherent for OCR/PDF tasks, but check these before enabling:
- Do not run node index.js --update-config (or update-config.js) unless you intend to persist VISION_* tokens into the skill's config.json; stored tokens will reside on disk and should be protected by file-system permissions.
- Keep VISION_RESOLVE_OPENCLAW_SESSION and VISION_ALLOW_REMOTE_INPUT disabled (default false) unless you explicitly need CLI-session recovery or remote URL downloads; enabling them grants the skill access to OPENCLAW_* env and ~/.openclaw/runtime.json or allows downloading remote attachments.
- If you enable automatic Feishu sending, ensure the optional feishu-send-files integration is trustworthy and that you really want results sent to chat targets discovered from context; otherwise keep auto-send off and use --no-send-to-feishu.
- Review the local config.json and remove any secrets from the repository before sharing. If you need higher assurance, audit the remaining parts of index.js (network calls to the multimodal baseUrl) to confirm it only talks to configured endpoints and does not leak content elsewhere.

Patterns worth reviewing
index.js:1606
Shell command execution detected (child_process).
index.js:21
Environment variable access combined with network send.
index.js:240
File read combined with network send (possible exfiltration).
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
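The pre-install checks in the assessment above, together with the co-occurrence heuristics behind the three flagged patterns, as an added audit script written for this page (it is not ClawHub's scanner and not the skill's own code). It assumes a config.json written by update-config.js, a credential key named VISION_IMAGEOCR_API_KEY (the page only gives the VISION_IMAGEOCR_* prefix), the regexes shown, and a constructed JavaScript sample built to trigger all three flags; none of that is taken from the real index.js.

```python
# Added example for this page (not ClawHub's scanner or the skill's code): audits an
# unpacked skill directory for persisted credentials, enabled sensitive toggles and the
# co-occurrence patterns the registry flags. Regexes, the key name
# VISION_IMAGEOCR_API_KEY and SAMPLE_JS are assumptions.
import json
import os
import re
import stat
import tempfile
from pathlib import Path

# Toggles the scan says gate session reads, remote downloads and Feishu auto-send.
SENSITIVE_TOGGLES = ("VISION_RESOLVE_OPENCLAW_SESSION", "VISION_ALLOW_REMOTE_INPUT",
                     "VISION_AUTO_SEND_TO_FEISHU")
TRUTHY = {"1", "true", "yes", "on"}
CREDENTIAL_WORDS = ("KEY", "TOKEN", "SECRET")
# Assumed regexes approximating the registry's pattern classes.
PATTERNS = {
    "child_process": re.compile(r"""require\(['"]child_process['"]\)|\bchild_process\.\w+"""),
    "env_read": re.compile(r"\bprocess\.env\b"),
    "file_read": re.compile(r"\bfs\.(?:promises\.)?readFile(?:Sync)?\b"),
    "network_send": re.compile(r"\bfetch\(|\baxios\.\w+\(|\bhttps?\.request\("),
}

def _flatten(obj, prefix=""):
    """Yield (dotted.key, value) pairs for a nested JSON object."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from _flatten(value, f"{prefix}{key}.")
    else:
        yield prefix.rstrip("."), obj

def check_config_secrets(config_path: Path) -> list:
    """Flag credential-looking values persisted in config.json and a permissive file mode."""
    findings = []
    if not config_path.exists():
        return findings
    mode = stat.S_IMODE(config_path.stat().st_mode)
    if mode & 0o077:
        findings.append(f"{config_path.name}: mode {mode:04o} is group/world accessible, expected 0600")
    try:
        data = json.loads(config_path.read_text(encoding="utf-8"))
    except json.JSONDecodeError:
        return findings + [f"{config_path.name}: not valid JSON"]
    for key, value in _flatten(data):
        if isinstance(value, str) and value and any(w in key.upper() for w in CREDENTIAL_WORDS):
            findings.append(f"{config_path.name}: {key} holds a persisted credential")
    return findings

def check_env_toggles(env: dict) -> list:
    """Report sensitive toggles that are switched on in the environment."""
    return [f"{name}={env[name]} enables sensitive behaviour; keep it unset or false"
            for name in SENSITIVE_TOGGLES if str(env.get(name, "")).strip().lower() in TRUTHY]

def scan_source(source: str):
    """Return per-pattern line hits and the combined flags a co-occurrence scanner raises."""
    hits = {name: [] for name in PATTERNS}
    for lineno, line in enumerate(source.splitlines(), 1):
        for name, rx in PATTERNS.items():
            if rx.search(line):
                hits[name].append(lineno)
    flags = []
    if hits["child_process"]:
        flags.append("Shell command execution detected (child_process)")
    if hits["env_read"] and hits["network_send"]:
        flags.append("Environment variable access combined with network send")
    if hits["file_read"] and hits["network_send"]:
        flags.append("File read combined with network send (possible exfiltration)")
    return hits, flags

def audit_skill(skill_dir: Path, env: dict) -> dict:
    """Run all three checks over a skill directory and return the findings."""
    source = {p.name: scan_source(p.read_text(encoding="utf-8"))[1]
              for p in sorted(skill_dir.glob("*.js"))}
    return {"config": check_config_secrets(skill_dir / "config.json"),
            "env": check_env_toggles(env), "source": source}

# Constructed sample of a plausible OCR entry point; NOT the skill's real index.js.
SAMPLE_JS = """\
const { execFile } = require('child_process');
const fs = require('fs');
const baseUrl = process.env.VISION_MULTIMODAL_BASE_URL;
async function ocr(imagePath) {
  const image = fs.readFileSync(imagePath).toString('base64');
  const res = await fetch(baseUrl + '/v1/ocr', { method: 'POST', body: JSON.stringify({ image }) });
  return res.json();
}
"""

def demo() -> dict:
    """Audit a throwaway skill directory holding a persisted token and an enabled toggle."""
    with tempfile.TemporaryDirectory() as tmp:
        skill = Path(tmp)
        (skill / "index.js").write_text(SAMPLE_JS, encoding="utf-8")
        cfg = skill / "config.json"
        cfg.write_text(json.dumps({"VISION_IMAGEOCR_API_KEY": "sk-constructed-example"}), encoding="utf-8")
        os.chmod(cfg, 0o644)  # a default umask leaves the written token world-readable
        return audit_skill(skill, {"VISION_ALLOW_REMOTE_INPUT": "true",
                                   "VISION_RESOLVE_OPENCLAW_SESSION": "false"})
```

Run it against the unpacked skill with `audit_skill(Path("path/to/skill"), dict(os.environ))`. A child_process hit is expected for this skill because it spawns pdf-helper.py, so the findings worth following up are the env/network and file/network pairs; confirm those against the configured baseUrl in index.js rather than treating the co-occurrence alone as proof of exfiltration.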
latest · vk97236h2vqpyfdt1fyndfegp8583y3q9
