PaddleOCR Document Parsing V2

Security checks across malware telemetry and agentic risk

Overview

This skill visibly sends user-selected documents to a configured PaddleOCR API for OCR, with no hidden persistence or destructive behavior found.

Install only if you are comfortable uploading the documents you choose to the configured PaddleOCR endpoint. Verify PADDLEOCR_API_URL and PADDLEOCR_JOB_URL are trusted HTTPS endpoints, use a scoped and revocable token, and avoid confidential or regulated documents unless that external processing is approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly requires environment variables, shell tools, local file input/output, and outbound network access, but it does not declare permissions accordingly. This undermines transparency and security review because users and platforms may not realize the skill can read local documents, send them to an external OCR API, and write results to disk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill processes local files and URLs by sending document contents to PaddleOCR's external API, but the description does not clearly warn users that their document data leaves the local environment. This can lead to inadvertent disclosure of sensitive documents, credentials embedded in files, or confidential URLs to a third party without informed user consent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script sends document contents to an external OCR service but does not provide an explicit user-facing warning at the point of use that local files are uploaded off-host. In security-sensitive environments, users may unintentionally transmit confidential documents, creating privacy, compliance, and data-handling risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Async mode uploads the full local file to a remote job service without explicit warning or acknowledgement. Because this skill is specifically designed to process documents, the context increases the chance that users will provide sensitive PDFs or images, making silent external transmission more dangerous.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script base64-encodes any local input file and transmits its contents to a remote OCR API, but normal execution does not present a prominent runtime warning or confirmation that local document contents will leave the host. In an agent/skill context, this is security-relevant because users may pass sensitive local PDFs or images assuming local processing, leading to unintended data exfiltration to a third-party endpoint.

External Transmission

Medium
Category
Data Exfiltration
Content
}
trap cleanup EXIT

response=$(curl -s -X POST "$PADDLEOCR_API_URL" \
    -m 600 \
    --fail-with-body \
    -H "Authorization: token $PADDLEOCR_ACCESS_TOKEN" \
Confidence
95% confidence
Finding
curl -s -X POST "$PADDLEOCR_API_URL" \
    -m 600 \
    --fail-with-body \
    -H "Authorization: token $PADDLEOCR_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d

VirusTotal

66/66 vendors flagged this skill as clean.
