TencentCloud OCR

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears to be a coherent Tencent Cloud OCR integration, but it will use Tencent credentials and send image/PDF contents to Tencent Cloud for recognition.

Install this skill only if you are comfortable using Tencent Cloud OCR for your images and PDFs. Use a dedicated Tencent Cloud API key, monitor quota and billing, install the SDK from a trusted source, and avoid processing highly sensitive documents unless you have consent and understand Tencent Cloud's data handling terms.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

An uploaded image, pasted image, or image URL may automatically be sent through the OCR workflow.

Why it was flagged

The skill deliberately allows autonomous invocation based on image-like inputs. That is coherent for OCR, but users should notice that OCR may run even if they did not explicitly say 'OCR'.

Skill content
When the following signals are detected, this skill should be **invoked automatically**, without the user explicitly asking for "OCR"
Recommendation

Use explicit confirmation before processing sensitive images or documents, especially screenshots, IDs, legal documents, or resumes.

ASI03: Identity and Privilege Abuse
Low
What this means

OCR calls may consume quota or incur charges on the configured Tencent Cloud account.

Why it was flagged

The script requires Tencent Cloud API credentials from environment variables. This is expected for Tencent OCR, but those credentials authorize use of the user's Tencent Cloud account.

Skill content
secret_id = os.environ.get("TENCENTCLOUD_SECRET_ID")
secret_key = os.environ.get("TENCENTCLOUD_SECRET_KEY")
Recommendation

Use a dedicated, least-privilege Tencent Cloud key for OCR and monitor usage/billing.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Dependency behavior depends on the package version installed from PyPI.

Why it was flagged

The setup relies on a manually installed, unpinned PyPI package rather than a pinned install specification. This is common for SDK integrations, but users should verify the dependency source.

Skill content
Dependency: `tencentcloud-sdk-python` (installed via `pip install tencentcloud-sdk-python`)
Recommendation

Install the Tencent Cloud SDK from the official package source and consider pinning a known-good version.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Private document contents, resume details, screenshots, or image URLs may leave the local environment and be processed by Tencent Cloud.

Why it was flagged

The script sends OCR requests to Tencent Cloud's OCR endpoint. This is the expected provider flow, but image/PDF contents or URLs are shared with an external cloud service.

Skill content
http_profile.endpoint = "ocr.tencentcloudapi.com"
resp = client.GeneralAccurateOCR(req)
Recommendation

Only use the skill for documents you are comfortable sending to Tencent Cloud, and obtain consent before processing other people's personal documents.