Parse documents using PaddleOCR's API.
Security Analysis
High confidence: The skill's files, runtime instructions, and requested environment variables are consistent with a PaddleOCR document-parsing client and do not request unrelated privileges or suspicious installs.
Name/description ask for a PaddleOCR API client; required binaries (curl, base64, jq), required env vars (PADDLEOCR_API_URL, PADDLEOCR_ACCESS_TOKEN), and the included shell script all match that purpose. Nothing unrelated (e.g., cloud provider keys) is requested.
SKILL.md and the script only instruct capturing an input file/URL, base64-encoding local files, and POSTing JSON to the configured API endpoint. The script only reads the input file and writes an optional output file; it does not read other system files or extra env vars.
Instruction-only skill with a simple shell script; no install spec or downloads. Lowest-risk delivery: nothing arbitrary is written to disk beyond the script's normal temporary payload file, which is cleaned up.
Only two environment variables are required (API URL and access token), which are appropriate and necessary for calling a remote PaddleOCR API. No unrelated secrets or config paths are requested.
Skill does not request permanent/always-on presence, does not modify other skills or system-wide settings, and runs only when invoked by the user/agent.
Guidance
This skill appears to be a straightforward client that sends local files (base64) or remote URLs to the configured PaddleOCR API endpoint using the PADDLEOCR_API_URL and PADDLEOCR_ACCESS_TOKEN you provide. Before installing or using it:
1) Ensure PADDLEOCR_API_URL points to a trusted PaddleOCR endpoint (a malicious URL would receive your documents).
2) Keep PADDLEOCR_ACCESS_TOKEN secret and with minimal scope; rotate it if exposed.
3) Avoid sending highly sensitive documents unless you trust the remote endpoint and its security/compliance.
4) Confirm the required binaries (curl, base64, jq) are available and that HTTPS is used for the API URL.
5) Review the included script (scripts/paddleocr_parse.sh) yourself; it is short and readable and performs the expected encode-and-post behavior.
Latest Release
v1.0.3
- No changes detected in this version; all features and documentation remain the same as the previous release.
Published by @Bobholamovic on ClawHub