Back to skill

Security audit

GLM-OCR-Handwriting

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it sends user-selected images or PDFs to ZhiPu's GLM-OCR service for handwriting recognition using the user's API key.

Install this only if you are comfortable providing a ZhiPu API key and sending the images or PDFs you ask it to OCR to ZhiPu's service. Avoid using it for highly sensitive personal, legal, medical, financial, or confidential documents unless that provider relationship is acceptable to you.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation indicates use of sensitive capabilities including environment-variable access, local file read/write, and outbound network access, but it does not declare corresponding permissions. This creates a transparency and governance gap: users or the platform may not realize the skill can access API keys, read local files, write outputs, and send content to a remote OCR service.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill uploads user-provided local files or URLs to an external third-party OCR API, but the interface does not provide an explicit user-facing warning about off-device data transmission or privacy implications. In the context of handwriting recognition, inputs are likely to contain sensitive notes, documents, or personal information, so silent transmission increases privacy and compliance risk.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.