ClawHub

Azure Content Understanding Layout

v1.3.0

Extract document structure, text, tables, and figures from documents using Azure Content Understanding prebuilt-layout analyzer. Converts PDF, images, Office...

0· 121·0 current·0 all-time
by@zwcih
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and scripts/analyze.mjs all implement calls to Azure Content Understanding (prebuilt-layout) and only request the Azure endpoint, API key, and an API version. No unrelated services, binaries, or credentials are required.
Instruction Scope
Runtime instructions and the script only read stdin or a user-supplied URL and call the Azure analyzer. Important: when you supply a URL, the Azure service will fetch that URL (so the remote host and Azure will see it). The SKILL.md metadata lists AZURE_CU_API_VERSION as required but the code provides a default value — minor inconsistency.
Install Mechanism
No install spec; this is an instruction-only skill plus a single Node script (analyze.mjs). Nothing is downloaded from external sites and no installers run — low install risk. The script requires a Node runtime to execute.
Credentials
Requiring AZURE_CU_ENDPOINT and AZURE_CU_API_KEY is proportional and expected. AZURE_CU_API_VERSION is declared required in metadata but the script defaults it if unset — the extra 'required' declaration is unnecessary but not harmful. PrimaryEnv correctly set to the API key.
Persistence & Privilege
always:false and the skill does not request persistent system modifications or modify other skills' configs. Autonomous invocation is allowed but is the platform default and not in itself a concern here.
Assessment
This appears to be a straightforward Azure document-layout helper. Before installing: 1) Only provide AZURE_CU_API_KEY and AZURE_CU_ENDPOINT that you trust — the key grants access to your Azure resource. Prefer a least-privilege or short-lived key if available. 2) Be aware that sending a document or a URL sends data to Azure (URL mode causes Azure to fetch the URL). Do not send sensitive documents unless you accept that. 3) The script runs locally with Node; review or run it on a trusted host. 4) The metadata marks AZURE_CU_API_VERSION as required but the script will default it — you can safely omit it. 5) If you need higher assurance, call the Azure API directly (curl or official SDK) or inspect/execute the included analyze.mjs locally rather than granting broad agent-level access.

Like a lobster shell, security has layers — review code before you run it.

latestvk97726wrktdrsw47crjkadbb8x83ax1m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvAZURE_CU_ENDPOINT, AZURE_CU_API_KEY, AZURE_CU_API_VERSION
Primary envAZURE_CU_API_KEY

Comments