paddle-ocr
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a JavaScript bridge to execute its Python core via the osascript interface. Analysis of the shell quoting mechanism in 'scripts/convert.js' confirms that arguments are properly escaped to prevent command injection.
- [EXTERNAL_DOWNLOADS]: The skill performs legitimate network requests to the user-configured PaddleOCR API endpoint. It also includes functionality to download image resources if the API returns remote URLs, and a connectivity check script that fetches a sample image from a well-known Baidu repository.
- [DATA_EXFILTRATION]: Document content is transmitted to an external API as part of the core OCR functionality. The API endpoint and authentication token are provided by the user in the configuration file, and the 'scripts/lib.py' utility enforces the use of HTTPS for remote connections to ensure data transit security.
- [SAFE]: The skill uses reputable, standard Python libraries including 'httpx' for network communication and 'pypdfium2' for PDF processing. No obfuscation, persistence mechanisms, or unauthorized privilege escalation attempts were found.
Audit Metadata