Organization Code Certificate Recognition and Extraction (ADP)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears to be a cloud document-extraction tool, but its documentation exposes broader ADP CLI and app-management powers than a certificate OCR skill needs.

Review this carefully before installing. Use it only if you intend to grant access to the broader ADP CLI behavior, including cloud upload of documents and possible management of extraction apps. Do not submit confidential certificates or regulated business documents unless your organization permits sending them to the named third-party service, and prefer a narrower extraction-only skill if you do not need app-management commands.

Publisher note

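This skill is an enterprise-grade application from Laiye Technology. It only invokes internally designated CLI commands in a secure manner to perform document extraction tasks, with no outbound network transmission, no unauthorized file access, and no additional risky behavior.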

SkillSpector (9)

By NVIDIA

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The README describes a broad, general-purpose ADP CLI with parsing, extraction, task management, and app-management capabilities, which materially exceeds the manifest's stated purpose of Chinese organization code certificate recognition/extraction. This scope mismatch is dangerous because agents or users may invoke more powerful functionality than expected, violating least privilege and increasing the chance of unintended data access, transmission, or workflow abuse.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The documented ability to create, update, and delete custom extraction applications goes beyond a read-only OCR/extraction skill and introduces state-changing administrative operations. In an agent setting, this can enable unauthorized modification or deletion of extraction configurations, expanding impact from document processing to platform management.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Application-management functionality is context-inappropriate for a skill advertised as certificate OCR and field extraction, indicating over-broad permissions or misleading packaging. This increases risk because operators may trust the skill as narrowly scoped while it can enumerate or manage broader platform resources.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The README presents a broad, general-purpose ADP CLI with capabilities far beyond the declared skill purpose of extracting fields from Chinese organization code certificates. This scope mismatch is dangerous because users or agents may grant broader trust, permissions, or usage than intended, enabling unexpected document handling and tool behaviors under a narrowly branded skill.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
Documenting custom-app creation, update, and deletion introduces application lifecycle management capabilities that exceed a simple extraction skill. In an agent setting, this can expand the blast radius from passive document processing to active modification of service-side configurations and workflows.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
Application-management functionality is not justified by the stated use case of extracting certificate fields, creating unnecessary privilege and feature expansion. Unneeded management actions increase risk because an agent or user may trigger operations unrelated to the expected task, including enumerating or altering extraction apps.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README encourages processing remote URLs and exporting results to local paths without clearly warning that documents may be transmitted to external cloud services and that extracted data will be written to disk. In a document-processing skill, this is sensitive because inputs may contain regulated business or identity data, and silent transmission/storage can cause privacy, compliance, or data leakage issues.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to configure an API key and process local or remote documents through a public cloud service, but does not clearly warn that document contents may be transmitted off-host to a third-party provider. This creates a data-handling transparency issue that is especially risky for sensitive business documents, certificates, and regulated information.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs users to upload certificate images and extracted structured data to a remote third-party ADP service, but it does not prominently disclose the privacy, confidentiality, and cross-boundary data-transfer implications before use. Because the documents contain sensitive business and personal information, users may unknowingly transmit regulated or confidential data off-host and off-organization.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.
