pdf-ocr-extraction

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local OCR helper with disclosed dependencies; its only risk is a contextual privacy exposure from temporary files.

Reasonable to install if you need local OCR. Use it in a trusted environment for sensitive PDFs, prefer secure per-run temporary files if adapting the script, and install OCR dependencies from trusted package sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 90%
Finding
The example writes rendered PDF pages to predictable files under /tmp, which can expose sensitive document contents to other local users/processes on shared systems, backups, crash dumps, or forensic recovery if cleanup fails. The risk is contextual rather than overtly malicious, but OCR on scanned PDFs often handles sensitive records, so persisting page images to disk increases confidentiality exposure unnecessarily.

VirusTotal

65/65 vendors flagged this skill as clean.
