Invoice-Recognition

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it includes live-looking Baidu credentials and handles sensitive invoice data through a third-party OCR service with weak privacy and credential guidance.

Review before installing. Do not use any included Baidu keys; create your own credentials, store them securely, and rotate any keys copied from the documentation. Only process invoices you are allowed to send to Baidu Cloud OCR, use preview/list mode before batch runs, and avoid broad directories containing unrelated sensitive files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Intent-Code Divergence

Severity: High
Confidence: 99%

The setup guide includes what appear to be real Baidu API credentials in a manual configuration example rather than obvious placeholders. Publishing live-looking secrets in documentation can expose the associated cloud account to unauthorized use, quota exhaustion, billing abuse, and possible access to invoice-processing capabilities tied to sensitive business data.

Vague Triggers

Severity: Medium
Confidence: 87%

The trigger text is broad enough to match many ordinary invoice or receipt requests, which can cause the skill to activate in contexts where the user did not intend OCR processing or third-party transmission. In this skill's context, that matters more because invoice documents often contain sensitive financial and tax information.

Missing User Warnings

Severity: High
Confidence: 98%

The skill does not clearly warn users that invoice images/PDFs and extracted financial data are sent to Baidu OCR, a third-party network service. Because invoices commonly contain names, tax IDs, bank details, addresses, and transaction amounts, undisclosed external transmission can lead to serious privacy, confidentiality, and compliance exposure.

Missing User Warnings

Severity: Medium
Confidence: 95%

The example shows passing API credentials directly on the command line, which can expose secrets through shell history, process listings, audit logs, CI job output, or terminal recording. In a tool that handles financial documents and authenticates to a third-party OCR service, leaked credentials could allow unauthorized API use, data access, or billing abuse.

Missing User Warnings

Severity: Medium
Confidence: 87%

The example encourages emailing generated invoice reports without warning about the sensitivity of invoice data, which may include financial, tax, vendor, and personal information. Sending such files over email without discussing encryption, recipient validation, retention, or policy controls increases the risk of accidental disclosure or unauthorized access.

Missing User Warnings

Severity: Medium
Confidence: 87%

The guide directs users to send invoice images and PDFs to Baidu OCR over the network but does not clearly warn that potentially sensitive financial documents will be transmitted to a third-party cloud service. In the context of invoice extraction, this increases privacy and compliance risk because invoices commonly contain tax IDs, addresses, account details, and other regulated business information.

Missing User Warnings

Severity: Medium
Confidence: 98%

The manual configuration example shows full credential values instead of placeholders, which effectively republishes secrets in user-facing documentation. This is dangerous both as a direct credential leak and because it normalizes insecure handling of secrets in a tool that already processes sensitive invoice data through a third-party service.

Missing User Warnings

Severity: Medium
Confidence: 97%

The code sends invoice images and PDFs to Baidu's remote OCR endpoints, which exposes potentially sensitive financial and personal data to a third party without any explicit user notice, consent flow, or data-sharing warning. In the context of an invoice-processing skill, this is especially relevant because invoices commonly contain tax IDs, addresses, bank details, and transaction amounts, so silent external transmission creates a real privacy and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 95%

The code persists BAIDU_API_KEY and BAIDU_SECRET_KEY directly into config.txt in plaintext, making credential exposure likely through local file disclosure, backups, source control mistakes, or multi-user system access. In this skill's context, these are live third-party API credentials used for invoice OCR, so compromise could enable unauthorized API use, quota exhaustion, and billing or data-processing abuse.

Missing User Warnings

Severity: Medium
Confidence: 89%

The tool sends invoice images/PDFs to Baidu OCR, which means potentially sensitive financial and personal data leaves the local machine and is disclosed to a third-party service. In this file, processing begins after authentication without any explicit privacy notice, consent step, or data-transfer warning, so users may unknowingly upload confidential documents.

VirusTotal

65/65 vendors flagged this skill as clean.