General Text Recognition OCR - 通用文字识别

Security checks across malware telemetry and agentic risk

Overview

This OCR skill does what it says, but users should know it uploads chosen images to JisuAPI for text recognition.

Install only if you are comfortable sending selected images to JisuAPI for OCR. Avoid using it on screenshots or documents containing passwords, IDs, medical, financial, or confidential business information unless that external processing is acceptable, and use a dedicated API key with limits where possible.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The trigger phrase 'or similar general image-recognition problems' is overly broad for a skill that specifically performs OCR via a third-party service. This can cause the skill to activate for generic image-understanding requests and send images externally when the user did not intend OCR or data sharing.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The documentation instructs users to send local images or base64-encoded image contents to a third-party OCR API but does not clearly warn about data egress, privacy implications, or suitability for sensitive images. Since OCR inputs often contain PII, credentials, IDs, invoices, or internal screenshots, silent transmission to an external provider creates a significant confidentiality risk.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill sends user-supplied image content to a third-party OCR API, but the script provides no user-facing notice, consent flow, or data-handling disclosure before transmission. In an agent setting, users may believe OCR happens locally; this creates a privacy and compliance risk because screenshots and images often contain credentials, personal data, or other sensitive information.

External Transmission

Medium

Category: Data Exfiltration
Content: import requests OCR_URL = "https://api.jisuapi.com/generalrecognition/recognize" def _normalize_local_path(user_path: str, field: str) -> Dict[str, Any]:
Confidence: 88% confidence
Finding: https://api.jisuapi.com/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal