扫描报告
5 /100
img-ocr
Image text recognition tool based on Tesseract OCR
A straightforward Tesseract OCR wrapper with clean, transparent implementation and no security concerns.
可以安装
No action needed. The skill is safe to use.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | ocr.py:17 — Image.open(path) |
| 网络访问 | NONE | NONE | — | No network imports or calls found |
| 命令执行 | NONE | NONE | — | No subprocess/os.system/exec calls found |
| 环境变量 | NONE | NONE | — | No os.environ access found |
| 剪贴板 | NONE | NONE | — | Not accessed |
| 数据库 | NONE | NONE | — | Not accessed |
| 技能调用 | NONE | NONE | — | Not used |
| 浏览器 | NONE | NONE | — | Not used |
目录结构
2 文件 · 1.3 KB · 56 行 Markdown 1f · 32L
Python 1f · 24L
├─
ocr.py
Python
└─
SKILL.md
Markdown
依赖分析 3 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
pytesseract | unpinned | pip | 否 | Version not pinned in SKILL.md; install with explicit version for reproducibility |
Pillow | unpinned | pip | 否 | Version not pinned in SKILL.md; install with explicit version for reproducibility |
tesseract-ocr | unpinned | apt | 否 | System package; version not specified |
安全亮点
✓ No shell execution, subprocess, or os.system calls
✓ No network requests or external IP communication
✓ No credential harvesting or environment variable access
✓ No obfuscation (no base64, eval, or exec)
✓ Doc-to-code match: SKILL.md accurately describes the OCR functionality
✓ All dependencies (pytesseract, Pillow) are standard and declared
✓ Only accesses the user-supplied image path — no sensitive file traversal
✓ Minimal, readable code with proper error handling
✓ No persistence mechanisms or startup hooks