Is deepread-ocr safe?

https://clawhub.ai/DeepRead001/deepread-ocr

Score: 82 · Verdict: SAFE

DeepRead OCR is a documentation-only skill that wraps a third-party OCR API. It contains no executable code, no install scripts, no prompt injection attempts, and no malicious patterns. The primary risk is inherent to any OCR service: user documents are uploaded to a third-party API (deepread.tech) for processing, and processed results are accessible via unauthenticated preview URLs. Sensitive file access (.env, .aws/credentials) during installation appears attributable to the OpenClaw runtime rather than the skill itself, but warrants noting.

Category Scores (score · weight)

Prompt Injection 90/100 · 30%
Data Exfiltration 70/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 65/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (7) (severity · title · score impact)

LOW Documents uploaded to third-party API -15

The core functionality of this skill involves uploading user documents (PDFs, images) to api.deepread.tech for OCR processing. While this is the expected behavior for an OCR service, users should be aware that their document contents are transmitted to and processed by a third-party service.

LOW Public preview URLs without authentication -15

Processed documents can be accessed via public preview URLs (preview.deepread.tech) that require no authentication. If these URLs are predictable or logged, third parties could access processed document content.

MEDIUM Sensitive file access during installation -35

During installation, the monitoring detected file access to /home/oc-exec/.env and /home/oc-exec/.aws/credentials. While this is most likely attributable to the OpenClaw runtime environment initialization (not the skill itself), it is concerning that these sensitive files were accessed during the skill install process.

INFO disable-model-invocation set to true 0

The skill explicitly sets disable-model-invocation: true in its frontmatter, indicating it does not require or request LLM invocation capabilities. This is a positive safety signal showing the skill is designed as documentation/API reference only.

INFO Clean package with no executable scripts 0

The package.json contains no install scripts, no dependencies, and no executable code. The skill is purely a SKILL.md documentation file with metadata.

LOW Reliance on third-party data handling -25

Users processing sensitive documents (invoices, contracts, receipts with PII) must trust DeepRead's data retention and security practices. The skill provides no information about data retention policies, encryption at rest, or compliance certifications.

INFO Marketing UTM parameters in URLs -10

Several URLs include utm_source=clawdhub tracking parameters. This is standard marketing attribution and not a security concern.