Security audit

PaddleOCR Text Recognition

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be an OCR helper, with the main risk being broad trigger wording that could make it activate more often than users expect.

Install only if you are comfortable using it for OCR. Before providing screenshots, photos, or PDFs, check whether they contain passwords, personal records, financial data, or private messages, and prefer explicit OCR requests such as 'extract text from this image.'

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list contains broad, common terms such as "screenshot," "photo scan," and generic OCR-related phrases that can match many ordinary user requests beyond the intended scope. This can cause the skill to be invoked unnecessarily, potentially routing sensitive images or PDFs to the OCR tool when the user did not explicitly request external text extraction, increasing privacy and data-handling risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.