Is image-ocr safe?

https://clawhub.ai/Xejrax/image-ocr

Score: 95 (SAFE)

This is a minimal, documentation-only skill that provides usage instructions for Tesseract OCR. It contains no executable code, no dependencies, no network endpoints, and no suspicious patterns. Installation monitoring confirmed zero filesystem changes, zero network activity, and intact canary files. The only findings are standard low-severity notes about shell command templates and sudo in install instructions.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

LOW Sudo usage in install instructions -5

The SKILL.md install section contains 'sudo dnf install tesseract'. If an agent executes the install instructions without user confirmation, the command runs with elevated privileges. This is standard practice for system packages but worth noting.

LOW Shell command templates for OCR execution -5

The skill provides bash command examples that agents will execute via shell. Commands are straightforward Tesseract OCR invocations with user-supplied filenames. No injection vectors are present in the templates themselves.

INFO Documentation-only skill with minimal attack surface -5

This skill contains no executable code, no dependencies, no git hooks, no symlinks, no submodules, and no network activity. It is purely instructional, telling the agent how to invoke Tesseract OCR. The lock.json references 'academic-research-hub' which appears to be unrelated metadata from a prior installation but contains no exploitable content.