Back to skill

Security audit

eKYC Suite Document OCR

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud OCR client for user-authorized KYC document images, with expected sensitive-data handling but no hidden persistence or destructive behavior found.

Install only if you are comfortable sending user-authorized identity or financial document images to the configured eKYC Cloud endpoint. Operators should confirm the endpoint owner, API key handling, privacy terms, retention policy, and whether optional EKYC_* metadata headers are acceptable in their environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill declares environment variables and references a Python script that can read local files, access secrets, and send data over the network, but it does not declare explicit permissions for those capabilities. In a KYC OCR skill, this matters because local document images and API keys are sensitive, and undeclared capabilities reduce transparency and policy enforcement for agents or marketplaces deciding whether the skill is safe to install and run.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
This skill transmits highly sensitive KYC document images and several environment-derived identifiers to a remote cloud backend, but the code itself provides no runtime disclosure, consent check, or minimization before transmission. In an agent setting, that can cause unexpected export of personal data and tenant metadata, especially because the inputs include IDs, bank cards, and licenses.

External Transmission

Medium
Category
Data Exfiltration
Content
payload = {"image": media_input(image)}
    if side is not None:
        payload["side"] = side
    response = requests.post(
        f"{endpoint}/api/v1/tools/{tool}",
        json=payload,
        headers=headers,
Confidence
84% confidence
Finding
requests.post( f"{endpoint}/api/v1/tools/{tool}", json=

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
Confidence
95% confidence
Finding
requests>=2.31.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.potential_exfiltration

Python code base64-encodes a local file and sends it over the network.

Critical
Code
suspicious.potential_exfiltration
Location
scripts/document_ocr.py:39