Skillv1.0.3

ClawScan security

TencentCloud OCR · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 1, 2026, 6:23 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill appears to implement Tencent Cloud OCR as described, but there are notable inconsistencies (registry metadata omits required credentials) and privacy/auto-invocation behaviors you should consider before installing.
Guidance: This skill appears to implement Tencent Cloud OCR and will send images (or uploaded files) to Tencent's OCR endpoint using credentials you must provide. Before installing: - Verify the publisher/source (no homepage is provided and registry metadata omitted required env vars). If you don't trust the owner, do not provide your Tencent credentials. - Understand it will automatically trigger on messages containing images or image URLs (per SKILL.md). If you want manual control, disable autonomous invocation or avoid granting broad triggers. - The resume parsing guidance enforces verbatim output of recognized text (including PII). Only run this on content you are permitted to send to an external service; consider using redaction or local-only processing for sensitive images. - Provide least-privilege credentials (use a dedicated Tencent account or temporary credentials) and monitor billing and API usage if you enable the skill. - If you need higher assurance, inspect/execute scripts/main.py in a sandbox or request a signed, documented release from a verified source. The main concrete problem here is the metadata mismatch about required env vars — that should be corrected or explained by the publisher before trusting the skill.

Review Dimensions

Purpose & Capability: concernThe skill's declared purpose (TencentCloud GeneralAccurateOCR) matches the included code (scripts/main.py) which calls tencentcloud OCR APIs — requesting Tencent Cloud API keys is appropriate. HOWEVER the registry metadata states 'Required env vars: none' and 'Primary credential: none' while SKILL.md and the script explicitly require TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY. That metadata omission is an incoherence and could mislead users about what secrets the skill needs.
Instruction Scope: concernSKILL.md instructs automatic invocation whenever images or image URLs (and certain host patterns) appear, and to run scripts/main.py with either image URL or Base64/file path. The script will read local files (if a filepath is passed) and will send image data or URLs to Tencent's OCR endpoint. The resume-parsing reference also instructs the model to preserve original text verbatim (which may include sensitive PII). These behaviors are consistent with OCR functionality but broaden the risk surface: automatic triggering and verbatim extraction of potentially sensitive personal data are privacy risks and should be explicitly accepted by the user.
Install Mechanism: okNo install spec is provided (instruction-only with a bundled Python script). There is no external download or archive extraction. The script depends on the public pip package tencentcloud-sdk-python, which is reasonable and transparent.
Credentials: concernThe code and SKILL.md legitimately require TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY to call Tencent Cloud APIs. That credential request is proportionate to the stated purpose. The concern is that the registry metadata omitted these required env vars (it listed none), which is inconsistent and may cause users to underestimate the privilege they are granting. No other unrelated secrets are requested.
Persistence & Privilege: okThe skill does not request always:true and does not request persistent or elevated platform privileges. It is user-invocable and may be invoked autonomously by the agent (default), which is normal for skills; combine this with the automatic trigger rules in SKILL.md to understand the practical behavior.