paddleocr-text-recognition

SUSPICIOUS. The skill’s OCR purpose is plausible, and the referenced PaddleOCR service appears legitimate, but the actual trust boundary is the unreviewed local scripts plus a user-supplied API endpoint. Its main risk is credential forwarding and document upload to a not-strictly-pinned remote host, which is disproportionate enough to warrant caution even without evidence of confirmed malware.