pdf-ocr-layout

基于智谱 GLM-OCR、GLM-4.7 及 GLM-4.6V 的多模态文档深度解析工具。 Use when: - 需要高精度提取文档（PDF/图片）中的表格并转换为 Markdown 格式 - 需要从文档页面中自动裁剪并提取插图、图表为独立文件 - 需要对提取的图表进行深度语义理解（基于 GLM-4.6V 视觉分析） - 需要对提取的表格数据进行逻辑分析（基于 GLM-4.7 文本分析） 核心架构： 1. 视觉提取：GLM-OCR 2. 语义理解：GLM-4.7 (纯文本/表格) + GLM-4.6V (多模态/图像)

This package appears to implement the advertised OCR + GLM analysis pipeline, but before installing you should: - Verify the source: there is no homepage or repository listed. Prefer code from a known source if you will send sensitive documents. - Expect document data to be transmitted to Zhipu's API (the scripts Base64-encode images and send full page Markdown/context). Do NOT run on private/sensitive documents unless you're comfortable with that external transmission and the API provider's data retention policy. - Fix/confirm dependencies: SKILL.md lists 'zhipuai' but the code imports 'zai' (from zai import ZhipuAiClient). Confirm the correct client package and install it in a controlled environment (virtualenv/container). - Registry metadata mismatch: the manifest claims no required env vars, but the scripts require ZHIPU_API_KEY. Treat ZHIPU_API_KEY as mandatory and do not place sensitive credentials in shared environments. - If you need higher assurance, ask the publisher for: 1) source repository or release page 2) exact Python package name for the Zhipu client and installation instructions 3) confirmation of what data is sent to the API and the provider's retention/privacy terms Given these inconsistencies and the fact that your documents will be sent to an external API, proceed only after clarifying the above or run the skill in an isolated environment with non-sensitive test files.

Type: OpenClaw Skill Name: pdf-ocr-layout Version: 1.0.2 The skill is classified as suspicious due to potential prompt injection vulnerabilities against the backend LLMs (GLM-4.7, GLM-4.6V) and potential path traversal vulnerabilities. The `script/glm_understanding.py` directly embeds content (`full_markdown_context`, `detected_title`) derived from the input document into the LLM prompts without sanitization, which could allow a malicious input document to inject instructions to the backend models. Additionally, the scripts perform file system operations using `file_path` and `output_dir` (e.g., in `script/glm_ocr_extract.py`), which, while necessary for functionality, could be exploited for path traversal if the OpenClaw agent is tricked into providing malicious paths. There is no evidence of intentional malicious behavior such as data exfiltration or backdoor installation; the identified issues are vulnerabilities rather than deliberate malice.