smart_ocr

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward OCR helper, with normal caution needed for sensitive documents and remote image URLs.

Install only if you want an agent to OCR files or image URLs you provide. Avoid processing documents you are not authorized to read, review OCR output for personal or payment data before sharing it, prefer local files or URLs you control over arbitrary remote URLs, and install the Python dependencies from trusted package sources with pinned versions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium severity, 87% confidence
The skill is presented as a local OCR capability, but it also documents fetching images from arbitrary remote URLs with requests.get. That expands the trust boundary and can expose the agent environment to unintended outbound network access: retrieval of attacker-controlled content, server-side request forgery against internal-only URLs (for example cloud metadata endpoints or services bound to localhost) if user input is not constrained, and processing of untrusted payloads through complex image and PDF parsers.
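The guard a practitioner would put in front of that requests.get call, as an added example that is not the skill's own code: it allows only http and https, rejects embedded credentials, resolves the host and refuses any address that is not globally routable (loopback, RFC 1918, link-local including the 169.254.169.254 metadata endpoint, IPv4-mapped IPv6 such as ::ffff:10.0.0.1), and then fetches without following redirects under a timeout, a size cap and a content-type allowlist. It uses the standard-library urllib rather than requests so it runs anywhere; the allowlists, the size cap, the function names and the sample URLs (93.184.216.34 stands in for an arbitrary public address) are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlparse
from urllib.request import HTTPRedirectHandler, Request, build_opener

# Illustrative policy values (assumptions, not taken from the skill).
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_CONTENT_TYPES = {"image/png", "image/jpeg", "image/tiff", "image/webp", "application/pdf"}
MAX_BYTES = 20 * 1024 * 1024  # cap on what reaches the OCR/PDF parser


class UnsafeURL(ValueError):
    """Raised when a user-supplied URL fails the egress policy."""


def is_public_ip(ip: str) -> bool:
    """True only for globally routable addresses: blocks loopback, RFC 1918,
    link-local (incl. the 169.254.169.254 metadata endpoint), ULA and IPv4-mapped IPv6."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.1 is really 10.0.0.1
    return addr.is_global


def validate_image_url(url: str) -> list:
    """Enforce the scheme allowlist, reject embedded credentials, resolve the host
    and require every resolved address to be public. Returns the resolved addresses."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme {parsed.scheme!r} not allowed")
    if parsed.username or parsed.password:
        raise UnsafeURL("credentials embedded in URL")
    host = parsed.hostname
    if not host:
        raise UnsafeURL("missing host")
    port = parsed.port or (443 if parsed.scheme == "https" else 80)
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        raise UnsafeURL(f"cannot resolve {host!r}: {exc}") from exc
    ips = sorted({info[4][0] for info in infos})
    for ip in ips:
        if not is_public_ip(ip):
            raise UnsafeURL(f"{host!r} resolves to non-public address {ip}")
    return ips


def is_safe_url(url: str) -> bool:
    """Allow/deny wrapper for callers that do not need the reason."""
    try:
        validate_image_url(url)
        return True
    except UnsafeURL:
        return False


class _NoRedirect(HTTPRedirectHandler):
    """Refuse redirects: a validated public host could otherwise bounce us to 127.0.0.1."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib turns this into an HTTPError instead of following


def fetch_image(url: str, timeout: float = 10.0) -> bytes:
    """Fetch a validated URL with no redirects, a timeout, a size cap and a
    content-type allowlist. Caveat: the address checked in validate_image_url and
    the one the connection uses can differ if DNS answers change (rebinding);
    pin the resolved IP or route egress through a filtering proxy for a stronger guarantee."""
    validate_image_url(url)
    req = Request(url, headers={"User-Agent": "ocr-fetch-example/0.1"})
    opener = build_opener(_NoRedirect())
    with opener.open(req, timeout=timeout) as resp:
        ctype = resp.headers.get_content_type()
        if ctype not in ALLOWED_CONTENT_TYPES:
            raise UnsafeURL(f"unexpected content type {ctype!r}")
        data = resp.read(MAX_BYTES + 1)  # read one byte past the cap to detect overflow
        if len(data) > MAX_BYTES:
            raise UnsafeURL("response larger than MAX_BYTES")
    return data


if __name__ == "__main__":
    # Constructed sample URLs; literal IPs need no DNS, so this runs offline.
    for sample in ("https://93.184.216.34/receipt.png",
                   "http://127.0.0.1:8080/admin",
                   "http://169.254.169.254/latest/meta-data/",
                   "http://[::ffff:10.0.0.1]/x.png",
                   "file:///etc/passwd"):
        print(f"{sample:45} -> {'allowed' if is_safe_url(sample) else 'blocked'}")
```

The same policy can sit in front of requests.get unchanged: call validate_image_url first, pass allow_redirects=False, a timeout and stream=True, and check the Content-Type and byte count before handing anything to the OCR or PDF parser. Resolving the host yourself and refusing non-public answers closes the obvious SSRF cases, but it is a check-then-use pattern; only pinning the connection to the validated address, or an egress proxy that applies the same rules per connection, closes the rebinding window.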

Missing User Warnings

Medium severity, 78% confidence
This OCR skill encourages extraction from screenshots, PDFs, business cards, and receipts, all of which commonly contain personal, financial, or confidential data, but it provides no privacy, consent, retention, or handling guidance. In an agent setting, that omission increases the chance that sensitive data is processed, stored, or shared inappropriately, especially when examples normalize extracting contact and payment-related fields.
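One concrete form of the handling guidance this finding asks for is a redaction pass over OCR output before it is logged, stored or returned to the user, as an added example that is not part of the skill: it masks payment card numbers that pass a Luhn check (so order or phone numbers of similar length are left alone) and e-mail addresses, and reports what it masked so the caller can decide whether the rest may be shared. The regular expressions, the placeholder strings and the sample receipt text are constructed assumptions.

```python
import re

# E-mail addresses as they typically appear in OCR'd business cards and receipts.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# 13-19 digits, optionally separated by spaces or dashes as OCR tends to render card numbers;
# the lookarounds stop it matching inside longer digit runs.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: every second digit from the right is doubled, digit-summed, then mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact_ocr_text(text: str) -> tuple:
    """Return (redacted_text, counts) where counts records how many of each field were masked."""
    counts = {"card": 0, "email": 0}

    def mask_card(match):
        digits = re.sub(r"\D", "", match.group(0))
        if not luhn_valid(digits):
            return match.group(0)  # looks like an order or phone number; leave it alone
        counts["card"] += 1
        return "[CARD ****" + digits[-4:] + "]"  # keep last four for reconciliation

    def mask_email(match):
        counts["email"] += 1
        return "[EMAIL]"

    text = CARD_RE.sub(mask_card, text)
    text = EMAIL_RE.sub(mask_email, text)
    return text, counts


if __name__ == "__main__":
    # Constructed sample of OCR output from a receipt; the card number is a
    # standard Luhn-valid test number, the order number is not.
    sample = "Order 1234567890123 paid with 4111 1111 1111 1111 contact jane@example.com"
    redacted, counts = redact_ocr_text(sample)
    print(redacted)
    print(counts)
```

Run before the text is persisted or handed to another tool, and treat a non-zero count as a prompt to confirm the user actually wants those fields shared. Luhn is a filter, not a classifier: it removes most false positives on arbitrary digit runs but cannot tell a card number from a Luhn-valid account or IMEI number, so a reviewer still has to look at what was masked.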

VirusTotal

64/64 vendors rated this skill clean (no detections). A clean antivirus result does not address the two findings above: they concern how the skill behaves when given untrusted URLs and sensitive documents, not whether its files contain known malware.