image2text

Security checks across malware telemetry and agentic risk

Overview

This OCR skill does what it claims, though URL-based OCR can make outbound network requests to user-provided addresses.

Reasonable to install if you need OCR from local images or explicit image URLs. Prefer local files or trusted public URLs, avoid localhost/private-network/metadata-service URLs, and be aware that URL inputs will be fetched from the machine running the agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
return tmp_path
    except Exception as e:
        # fall back to curl
        result = subprocess.run(['curl', '-s', '-o', tmp_path, url], capture_output=True)
        if result.returncode != 0:
            raise Exception(f"download failed: {e}")
        return tmp_path
Confidence
80% confidence
Finding
result = subprocess.run(['curl', '-s', '-o', tmp_path, url], capture_output=True)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The OCR tool accepts remote URLs and fetches them directly, which expands its trust boundary from local file processing to arbitrary network access. In a skill or agent context this is more dangerous because it can be abused to probe internal network resources, access metadata endpoints, or download oversized content for denial of service.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly supports fetching images from remote URLs and says it will use curl to download them, but it does not warn users that this causes outbound network access and sends the target URL and request metadata to external systems. In an agent setting, this can lead to unintended data disclosure, SSRF-style access to internal resources, or retrieval of untrusted content without user awareness.
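The three findings above describe one underlying problem: the skill hands a user-supplied URL to curl (as an argv list, so there is no shell injection, but curl speaks more schemes than http(s) and the destination is never checked) and then processes whatever comes back. The guarded fetch below is an added example written for this review; it is not code from the image2text skill, and the BLOCKED_HOSTNAMES entries, the size cap and the injectable resolver are assumptions made for illustration. It restricts the scheme to http(s), resolves the host and rejects any address that is loopback, private, link-local (which covers the 169.254.169.254 metadata endpoint), multicast, reserved or unspecified, re-validates every redirect target, checks the Content-Type, and caps the body size so an oversized response cannot exhaust the agent's disk or memory.

```python
import ipaddress
import socket
import urllib.request
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Assumed denylist of names that commonly alias loopback or cloud metadata services.
BLOCKED_HOSTNAMES = {"localhost", "metadata", "metadata.google.internal"}


class UnsafeURL(ValueError):
    """Raised when a URL (or a redirect target) points somewhere the OCR tool must not fetch."""


def _default_resolver(host):
    """Resolve a hostname to every address it maps to (A and AAAA) so each one can be checked."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _is_public_address(ip_text):
    """True only for addresses that are not loopback, private, link-local, multicast,
    reserved or unspecified. IPv4-mapped IPv6 literals are unwrapped first."""
    addr = ipaddress.ip_address(ip_text.split("%")[0])  # drop any IPv6 zone id
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not (addr.is_loopback or addr.is_private or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def is_safe_url(url, resolver=_default_resolver):
    """Return True if `url` is an http(s) URL whose host resolves only to public addresses."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    host = parts.hostname
    if not host or host.lower().rstrip(".") in BLOCKED_HOSTNAMES:
        return False
    try:
        ipaddress.ip_address(host.split("%")[0])
        addresses = [host]            # IP literal: check it directly, no DNS involved
    except ValueError:
        try:
            addresses = resolver(host)
        except OSError:               # socket.gaierror is a subclass of OSError
            return False
    # Reject if *any* resolved address is non-public (round-robin or rebinding tricks).
    return bool(addresses) and all(_is_public_address(a) for a in addresses)


class _CheckedRedirects(urllib.request.HTTPRedirectHandler):
    """Re-validate each redirect target: a public host answering 302 to 169.254.169.254
    is the classic way around a check that only looks at the initial URL."""

    def __init__(self, resolver):
        super().__init__()
        self._resolver = resolver

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        if not is_safe_url(newurl, self._resolver):
            raise UnsafeURL(f"redirect to disallowed target: {newurl}")
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def download_image(url, max_bytes=10 * 1024 * 1024, timeout=10, resolver=_default_resolver):
    """Fetch an image over http(s) with destination checks, a Content-Type check and a size cap.
    Caveat: the check-then-connect gap still permits DNS rebinding; pin the resolved address
    at the connection layer if that matters in your deployment."""
    if not is_safe_url(url, resolver):
        raise UnsafeURL(f"refusing to fetch {url!r}")
    opener = urllib.request.build_opener(_CheckedRedirects(resolver))
    request = urllib.request.Request(url, headers={"User-Agent": "image2text-ocr (guarded fetch)"})
    with opener.open(request, timeout=timeout) as resp:
        content_type = resp.headers.get("Content-Type", "")
        if not content_type.lower().startswith("image/"):
            raise UnsafeURL(f"not an image: Content-Type {content_type!r}")
        data = resp.read(max_bytes + 1)   # one byte past the cap reveals an oversized body
        if len(data) > max_bytes:
            raise UnsafeURL(f"response larger than {max_bytes} bytes")
    return data


if __name__ == "__main__":
    # Constructed resolver so the checks can be exercised offline; names are made up.
    fake_dns = {"img.example": ["93.184.216.34"],
                "rebind.example": ["93.184.216.34", "10.0.0.5"]}
    for candidate in ["https://img.example/scan.png",
                      "http://rebind.example/scan.png",
                      "http://169.254.169.254/latest/meta-data/",
                      "http://[::ffff:127.0.0.1]/",
                      "file:///etc/passwd"]:
        print(candidate, "->", is_safe_url(candidate, lambda h: fake_dns.get(h, [])))
```

Drop this in place of the curl fallback and the skill's own documentation can then state honestly which destinations it will and will not contact. The resolver argument exists so the policy can be unit-tested without DNS; in production leave the default.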

VirusTotal

67/67 vendors flagged this skill as clean.
