TencentCloud IDCard OCR

腾讯云身份证识别(IDCardOCR)接口调用技能。当用户需要识别身份证图片中中国大陆居民二代身份证正反面信息（姓名、性别、民族、出生日期、住址、身份证号、签发机关、有效期限等）时,应使用此技能。支持图片Base64和URL两种输入方式,同时支持身份证图片照片裁剪和多种告警功能。

Before installing: (1) Be aware the script requires your TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY even though the registry metadata doesn't list them — the skill will exit if they are not set. Only provide credentials scoped minimally (limited permissions, dedicated account) and avoid using high-privilege keys. (2) The tool will read a local file when you pass --image-base64 <path> and will send its contents to Tencent's OCR endpoint — do not pass paths to sensitive local files (password files, keys, config) or run the skill in a context where untrusted code could invoke it. (3) The package dependency tencentcloud-sdk-python must be installed manually; verify you install it from a trusted source. (4) If you plan to allow autonomous agent invocation, prefer to disable autonomous use or run the skill in an isolated environment, and ensure the agent is not granted broad access to other local files or credentials. (5) If unsure, inspect and run the script in a sandbox, confirm the endpoint is ocr.tencentcloudapi.com (official), and request the publisher update registry metadata to declare required env vars and dependency installation steps.

Type: OpenClaw Skill Name: tencentcloud-ocr-idcard Version: 1.0.4 The skill provides a functional wrapper for the Tencent Cloud ID Card OCR API but contains a significant vulnerability in `scripts/main.py`. The `load_image_base64` function allows for arbitrary file reads by accepting any local file path and encoding its contents for transmission to the OCR endpoint, without restricting access to specific directories or image file types. While this capability is documented in `SKILL.md` as a feature for processing local files, the lack of input sanitization or path restriction represents a high-risk behavior in an agentic environment. No evidence of intentional malice or unauthorized data exfiltration was found.