Bank Card Recognition OCR - 银行卡识别

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it sends a user-provided bank card image to JisuAPI for OCR and returns card details, so users should treat it as sensitive-data processing.

Install only if you are comfortable sending bank card images to JisuAPI. Use it only for cards you are authorized to process, protect the JISU_API_KEY, and avoid storing or sharing full card numbers or card photos longer than necessary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 96%
Finding
This skill processes highly sensitive financial data: a bank card image is converted to base64 and sent to a third-party OCR provider, yet the description does not prominently warn users that card images and extracted card details leave the local environment. That omission can cause users or downstream agents to disclose payment-card data without informed consent, creating privacy, compliance, and data-handling risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill transmits a bank card image, which contains highly sensitive financial data, to a third-party OCR service without any explicit consent flow, warning, or data-handling disclosure to the user. Even though the transmission uses HTTPS and appears necessary for the feature, silently sending payment-card imagery off-box creates privacy, compliance, and trust risks if users assume processing is local.

VirusTotal

60/60 vendors flagged this skill as clean.
