Private Document AI with OpenVINO
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: local-document-ai-openvino
Version: 0.1.4
The skill bundle provides a legitimate local document processing pipeline using Intel OpenVINO and PaddleOCR-VL. The code is well-structured and focuses on parsing PDFs/images into structured data (to-data) or code scaffolds (to-code) such as React components and Jupyter notebooks. Security analysis of scripts like run_skill.py and parse_document.py shows safe use of subprocesses (executing internal scripts via list-based arguments without shell=True) and no evidence of data exfiltration, unauthorized network activity, or malicious prompt injection. The bundle emphasizes local execution and privacy, consistent with its stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If pointed at the wrong file or output folder, private document contents could be parsed and stored somewhere unintended.
The main workflow intentionally accepts local input and output paths. This is expected for document OCR, but it gives the agent broad file/path handling when the user supplies paths.
python "{baseDir}/scripts/run_skill.py" --mode to-data --file "/absolute/path/to/invoice.pdf" --out "/absolute/path/to/artifacts/invoice_data"
Use explicit file paths, choose a dedicated local output folder, and avoid cloud-synced or shared folders for confidential documents.
Installing unreviewed packages or model tooling could run third-party code in the same environment used for private documents.
The skill relies on external Python packages and an optional third-party OCR package. The artifacts disclose this and recommend review, but dependency provenance still matters.
PyMuPDF>=1.24.0 ... openvino>=2026.0.0 ... The third-party paddleocr_vl_openvino package is intentionally NOT installed ... Review the source or wheel first
Install in a virtual environment, prefer reviewed or pinned packages, and only enable model downloads or install OCR wheels from trusted sources.
Generated scaffolds may be incomplete or unsafe if run, deployed, or connected to real systems without review.
The skill can generate executable code or notebooks, but the artifacts explicitly frame them as drafts and do not show automatic execution of generated code.
Typical outputs ... `task_output/notebook.ipynb` ... `app.jsx`, `index.html`, `styles.css` ... Treat all generated code and notebooks as drafts. Review them before running
Inspect generated code and notebooks before execution, publishing, or connecting them to real data or services.
Sharing artifact folders may reveal private document contents, filenames, local paths, and document fingerprints.
The generated parse output records source metadata, including the resolved local input path and file hash, alongside parsed document content.
"source": { "input_path": str(config.file), "input_type": input_type, "filename": config.file.name, "sha256": file_hash }
Treat output folders as sensitive, redact artifacts before sharing, and delete outputs when they are no longer needed.
