windows-screenshot-ocr

Security checks across malware telemetry and agentic risk

Overview

This is a small, local Windows screenshot and OCR helper whose sensitive behavior is disclosed and matches its purpose.

Install only if you are comfortable with a local script capturing your full screen and saving images/text files on disk. Close sensitive windows first, review the fixed output folder, and delete screenshots or OCR results you do not want retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill documentation describes behavior that writes screenshot and OCR output files to disk, but the skill does not declare corresponding permissions. Undeclared file-write capability is a real security concern because screenshots can capture sensitive on-screen data and silently persist it to a local path, reducing transparency and user consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal