TencentCloud IDCard OCR
by tencent-ocr · GitHub · v1.0.4 · MIT-0
405 Downloads · 0 Stars · 1 Active Installs · 5 Versions
Install in OpenClaw
/install tencentcloud-ocr-idcard
Description
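Skill for calling the Tencent Cloud ID card recognition (IDCardOCR) API. Use this skill when the user needs to recognize the information on the front and back of a mainland China second-generation resident ID card from an image (name, sex, ethnicity, date of birth, address, ID number, issuing authority, validity period, etc.). It supports two input methods, image Base64 and URL, and also supports cropping of the ID card image and photo and multiple alert functions.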
Usage Guidance
Before installing:
(1) Be aware the script requires your TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY even though the registry metadata doesn't list them — the skill will exit if they are not set. Only provide credentials scoped minimally (limited permissions, dedicated account) and avoid using high-privilege keys.
(2) The tool will read a local file when you pass --image-base64 <path> and will send its contents to Tencent's OCR endpoint — do not pass paths to sensitive local files (password files, keys, config) or run the skill in a context where untrusted code could invoke it.
(3) The package dependency tencentcloud-sdk-python must be installed manually; verify you install it from a trusted source.
(4) If you plan to allow autonomous agent invocation, prefer to disable autonomous use or run the skill in an isolated environment, and ensure the agent is not granted broad access to other local files or credentials.
(5) If unsure, inspect and run the script in a sandbox, confirm the endpoint is ocr.tencentcloudapi.com (official), and request the publisher update registry metadata to declare required env vars and dependency installation steps.
Capability Analysis
Type: OpenClaw Skill
Name: tencentcloud-ocr-idcard
Version: 1.0.4
The skill provides a functional wrapper for the Tencent Cloud ID Card OCR API but contains a significant vulnerability in `scripts/main.py`. The `load_image_base64` function allows for arbitrary file reads by accepting any local file path and encoding its contents for transmission to the OCR endpoint, without restricting access to specific directories or image file types. While this capability is documented in `SKILL.md` as a feature for processing local files, the lack of input sanitization or path restriction represents a high-risk behavior in an agentic environment. No evidence of intentional malice or unauthorized data exfiltration was found.
Capability Assessment
Purpose & Capability
The SKILL.md and scripts/main.py clearly require Tencent Cloud API credentials (TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY) and the tencentcloud-sdk-python dependency to call ocr.tencentcloudapi.com, which matches the stated purpose. However the registry metadata declares no required env vars or primary credential — an inconsistency that can mislead users about the permissions/secrets this skill needs.
Instruction Scope
Instructions and the script accept either an image URL or a local file path for --image-base64 and will read arbitrary local files (treating them as Base64 or encoding binary) and send contents to the remote OCR API. This is expected for image OCR, but it also means the skill can be used to transmit arbitrary local file contents to Tencent Cloud if misused or invoked autonomously.
Install Mechanism
This is an instruction-only skill with an included Python script; there is no install spec. The SKILL.md and script require the third-party package tencentcloud-sdk-python but do not declare an automated install step — users must install the dependency manually. No suspicious download URLs or extract actions are present.
Credentials
The environment secrets the tool needs (Tencent Cloud secret id/key) are appropriate for contacting the Tencent OCR API. However the registry metadata fails to list these required environment variables or a primary credential, which is a meaningful mismatch and can cause accidental credential exposure or misconfiguration by users who assume no credentials are needed.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. Autonomous invocation is allowed (platform default); this is normal, but it combines with the data-exfiltration vector described above if you allow autonomous runs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install tencentcloud-ocr-idcard
- After installation, invoke the skill by name or use /tencentcloud-ocr-idcard
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
- Cleaned up and simplified the call examples and parameter table so that invocation is more consistent.
v1.0.3
- No changes detected in this version.
v1.0.2
- Added channel reporting support.
v1.0.1
- Updated the display name.
v1.0.0
- Initial release of tencentcloud-ocr-idcard skill.
- Supports Tencent Cloud OCR recognition for both sides of second-generation Chinese resident ID cards.
- Allows image input via Base64 or URL and provides functions such as photo and portrait cropping.
- Includes multiple warning/alert features (e.g., copy, retake, PS, temporary ID detection).
- Outputs structured JSON with all recognized fields and warning codes.
Frequently Asked Questions
What is TencentCloud IDCard OCR?
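Skill for calling the Tencent Cloud ID card recognition (IDCardOCR) API. Use this skill when the user needs to recognize the information on the front and back of a mainland China second-generation resident ID card from an image (name, sex, ethnicity, date of birth, address, ID number, issuing authority, validity period, etc.). It supports two input methods, image Base64 and URL, and also supports cropping of the ID card image and photo and multiple alert functions. It is an AI Agent Skill for Claude Code / OpenClaw, with 405 downloads so far.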
How do I install TencentCloud IDCard OCR?
Run "/install tencentcloud-ocr-idcard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is TencentCloud IDCard OCR free?
Yes, TencentCloud IDCard OCR is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does TencentCloud IDCard OCR support?
TencentCloud IDCard OCR is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created TencentCloud IDCard OCR?
It is built and maintained by tencent-ocr (@zt1314p-design); the current version is v1.0.4.