PDF OCR — Convert PDF to Markdown via WiseDiag cloud API. Supports table recognition, multi-column layouts, and high-accuracy text extraction. Usage: Upload...
Security Analysis
high confidenceThe skill's code and instructions match its stated purpose (cloud OCR via WiseDiag) and request only the expected API key and file access; nothing appears to exceed that scope.
The skill implements PDF→Markdown OCR via a WiseDiag cloud API and the code reads an environment variable WISEDIAG_API_KEY for authentication, which is coherent with the declared purpose. Minor inconsistency: the registry-level summary in the metadata you provided lists no required env vars, but both SKILL.md/README and the script require WISEDIAG_API_KEY.
SKILL.md instructs users to run the included script only; the script uploads the provided PDF to https://openapi.wisediag.com/v1/ocr/pdf, waits for a JSON response containing Markdown, and saves output to ~/.openclaw/workspace/WiseOCR. The instructions explicitly warn about privacy and do not request or transmit other system data or unrelated credentials.
No special install script is provided; installation is via pip requirements.txt (requests, pypdf), standard and proportional for a Python CLI that posts files and reads PDFs. There are no downloads from untrusted or obfuscated URLs in the codebase.
The skill requires a single API credential (WISEDIAG_API_KEY) which is proportional to a cloud OCR integration. Note the earlier registry summary omitted this requirement — the SKILL.md/README and code do require the env var, so the registry metadata is inconsistent with the packaged instructions.
The skill does not request persistent/autonomous elevated privileges (always:false). It writes output only to its own workspace (~/.openclaw/workspace/WiseOCR) and does not modify other skills or system-wide config.
Guidance
This skill appears to do exactly what it says (upload PDFs to WiseDiag for OCR) and only needs a single API key. Before installing: (1) Confirm you are comfortable uploading documents to an external service — do NOT use this for sensitive/confidential files. (2) Verify the WISEDIAG_API_KEY comes from the official WiseDiag console and do not store other secrets in the same environment. (3) Check that the domains (openapi.wisediag.com and the short link s.wisediag.com) are legitimate and match the vendor you expect; open the link in a browser first to confirm. (4) Be aware the tool saves output under ~/.openclaw/workspace/WiseOCR. (5) The registry metadata omitted the required env var — treat that as a packaging/information inconsistency; prefer the SKILL.md and script which do require WISEDIAG_API_KEY. If you need to process sensitive documents, use an offline/local OCR tool instead.
Latest Release
v1.0.21
- No changes detected in this version. - All features, documentation, and privacy guidance remain the same.
More by @wisediag
Published by @wisediag on ClawHub
