Safety Report

OCR - Local (No API Key)

Name: OCR - Local (No API Key)
Rating: 5 (15 reviews)
Author: shaw555

Extract text from images using Tesseract.js OCR (100% local, no API key required). Supports Chinese (simplified/traditional) and English.

12,848Downloads

91Installs

15Stars

1Versions

API Integration11,971 Image Processing4,554 PDF & Documents3,686 Customer Support3,665

Security Analysis

high confidence

Clean0.04 risk

The skill's code, instructions, and requirements are consistent with a local Tesseract.js-based OCR tool; nothing requests unrelated credentials or suspicious system access.

Mar 14, 20265 files1 concern

Purpose & Capabilityok

Name/description (local OCR for Chinese/English) align with the actual files: a Node script that uses tesseract.js. Required binary (node) and the dependency (tesseract.js) are appropriate and expected.

Instruction Scopeok

SKILL.md and scripts/ocr.js limit behavior to reading a user-supplied image file and running Tesseract.recognize. Instructions do not reference unrelated files, environment variables, or transmit results to external endpoints. The README and notes explicitly mention that language data is downloaded on first run.

Install Mechanismnote

No install spec in the registry, but package.json lists tesseract.js and SKILL.md metadata suggests installing it via npm — this is a standard, low-risk installation route. Note: at runtime Tesseract.js will fetch language model files from remote hosts (first-run download ~20MB per language); that network fetch is expected for this library and not an unexpected exfiltration endpoint.

Credentialsok

The skill requests no environment variables, credentials, or config paths. package.json dependency only on tesseract.js is proportionate to OCR functionality.

Persistence & Privilegeok

Skill is not always-enabled and does not request system-wide configuration changes. The only persistent behavior is caching/downloading language data for later runs (expected and limited scope).

Guidance

This skill appears to do what it claims: local OCR via Node + Tesseract.js. Before installing, note: (1) you need Node and should run npm install to obtain tesseract.js (package.json lists the dependency). (2) On first run the library downloads language model files (~20MB per language) from Tesseract.js-hosted URLs — the images themselves are processed locally and the script does not post results to third-party APIs. (3) If you require full offline operation, be aware of the runtime model downloads and consider pre-downloading the traineddata files into a controlled location. (4) As with any third-party package, ensure you trust the tesseract.js version and review upstream package provenance if you have strict supply-chain requirements.

Latest Release

v1.0.0

Local OCR skill using Tesseract.js, no API key required

More by @shaw555

OCR Test

0 stars

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Find Skills

@JimLiuxinghai · 529 stars

Proactive Agent

@halthelobster · 426 stars

Published by @shaw555 on ClawHub