OCR Local V2

Security checks across malware telemetry and agentic risk

Overview

This OCR skill appears to do what it claims, with normal dependency and first-run language-data download caveats.

Install only if you are comfortable with npm fetching tesseract.js and with the first OCR run downloading and caching language data. For locked-down or offline environments, pre-vendor or pre-cache the dependency and language files, and use the skill only on images whose extracted text you are willing to show in your local agent session.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 82%
Finding
The README markets the skill as '100% local' and 'No API key required', but also notes that the first run downloads Tesseract language data. This is a real security-relevant documentation issue because users may rely on the claim to use the skill in offline, restricted, or privacy-sensitive environments, while the implementation performs unexpected network access.

Intent-Code Divergence

Severity: Low
Confidence: 76%
Finding
Saying the skill 'runs locally' is somewhat misleading when first-run behavior includes downloading language data. While the OCR processing itself may be local, the undocumented or under-emphasized network dependency can violate user expectations and security policies in locked-down environments.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
The skill advertises itself as "100% local" and "no API key required," but the notes explicitly state that the first run downloads language data. That creates a documentation integrity issue: users may assume no network access occurs, which can violate offline-only, privacy-sensitive, or supply-chain-restricted environments even if the OCR processing itself is local.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content
  "license": "MIT",
  "acceptLicenseTerms": true,
  "dependencies": {
    "tesseract.js": "^7.0.0"
  },
  "repository": {
    "type": "git",
Confidence: 89%
Finding
"tesseract.js": "^7.0.0"

VirusTotal

66/66 vendors flagged this skill as clean.
