ClawAudit verdict

ID Card Recognition OCR - 身份证识别

idcardrecognition

88
🟢 Trusted
Low risk — reviewed by ClawAudit, behavior matches stated purpose

OCR skill for ID documents using the JisuAPI service; credential access is limited to the user's own JISU_API_KEY sent to the documented jisuapi.com endpoint for its stated recognition purpose.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

65
security
70
transparency
70
maintenance

Findings (3)

Pattern match critical

Possible hardcoded credential

SKILL.md · code · API_KEY="your_appkey_here

Pattern match low

Base64 encoding/decoding

idcardrecognition.py · prose · downgraded · base64-encode

Pattern match low

Python os.getenv — reads environment variable

idcardrecognition.py · prose · downgraded · os.getenv(

Permissions & capabilities

Requires 1 environment variable. (1 sensitive: JISU_API_KEY). Requires 1 system binary.

data_encoding

Is this flag fair?

Check another skill Browse the registry Auditing your own skills or configs? Use the API