Ocr Scanner Image

Security checks across malware telemetry and agentic risk

Overview

The skill mostly performs OCR, but it claims local-only Tesseract processing while also shipping a runnable helper and reference docs that send images or URLs to OCR.space.

Review before installing. Use scripts/ocr.sh only if you want local Tesseract OCR, and avoid scripts/example.py unless you are comfortable sending the selected image or URL to OCR.space. Do not use the cloud helper for sensitive documents unless the package is updated to clearly disclose the data flow and require opt-in consent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The reference documentation conflicts with the skill metadata by describing a third-party OCR API instead of local-only processing via the system tesseract binary. This can mislead maintainers, reviewers, or downstream agents into implementing or invoking remote processing, creating undisclosed data egress and breaking the expected trust boundary for local OCR.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding: The documentation introduces remote network OCR capability that is not necessary for a skill described as local tesseract-based OCR. In a security-sensitive agent setting, undocumented expansion from local file processing to network transmission materially increases attack surface and may cause sensitive images or derived text to be sent off-host.

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding: The skill metadata says OCR is performed locally with the system's tesseract binary, but the implementation actually sends images or URLs to a third-party service. This creates a material trust-boundary violation: users may provide sensitive local files expecting offline processing, while the code exfiltrates that data externally.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The manifest describes OCR on image files, but the code also accepts arbitrary remote URLs. That expands the skill's behavior beyond its declared scope and can cause unintended external fetching and processing of attacker-controlled resources, increasing privacy and abuse risk.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding: The code is hardwired to make outbound requests to ocr.space even though the skill is described as using a local OCR binary. This can leak sensitive image contents or internal-only URLs to a third party and violates the principle of least surprise for a supposedly local-processing skill.

Intent-Code Divergence

Severity: Medium
Confidence: 89%
Finding: The module docstring openly states behavior that contradicts the manifest, indicating the skill package presents inconsistent security-relevant claims. This mismatch makes operator review and user trust decisions unreliable, which is especially dangerous because the actual behavior involves external data transmission.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The documentation describes uploading local image files or image URLs to a third-party OCR service without any privacy warning or consent language. Because images often contain sensitive personal, financial, or proprietary information, this omission can lead users or agents to exfiltrate confidential data to an external provider unexpectedly.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The request uploads local file contents or user-supplied URLs to an external OCR provider without any explicit warning, consent flow, or indication of data handling. In the context of an OCR skill, inputs often contain sensitive documents, making silent transmission a meaningful privacy and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.
