Moark Ocr

Security checks across malware telemetry and agentic risk

Overview

This OCR skill appears to do what it says, but users should know their selected images, image URLs, and prompts are sent to Gitee AI.

Install only if you are comfortable sending chosen images or image URLs and prompts to Gitee AI. Prefer setting GITEEAI_API_KEY as an environment variable instead of passing it on the command line, and avoid confidential or regulated documents unless Gitee AI is approved for that data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares use of an environment secret (`GITEEAI_API_KEY`) in metadata but does not declare explicit permissions, creating a mismatch between documented capabilities and the permission model. This can lead to unintended secret exposure or execution with broader access than reviewers expect, especially because the workflow instructs passing the API key to a script and external API.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The script accepts arbitrary HTTP/HTTPS image URLs and forwards them to a third-party OCR API, which expands the skill from local OCR into a network-fetching proxy for user-supplied resources. This can expose sensitive internal or pre-signed URLs to the external provider and creates a privacy/data-boundary issue that is not clearly constrained by the skill description.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script transmits the full image content and user prompt to a remote API, but provides no explicit privacy warning, consent step, or data-handling notice. For OCR, users may supply documents containing personal, financial, or confidential information, making silent third-party transmission a meaningful security and privacy risk.

VirusTotal

66/66 vendors flagged this skill as clean.
