Laiye-OCR

Security checks across malware telemetry and agentic risk

Overview

This document-processing skill appears legitimate, but it sends potentially sensitive files to a cloud service and includes unsafe remote installer commands without enough user-facing safeguards.

Install only if you trust the publisher and are comfortable sending the documents you process to Laiye-hosted cloud services. Avoid the pipe-to-shell installer; use a pinned package or inspect and verify downloaded scripts first. Treat API keys and batch outputs as sensitive, store results in restricted directories, and avoid uploading IDs, HR files, invoices, or contracts unless you have approval and understand the service's data handling terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to fetch and immediately execute a remote installation script via a shell pipeline without any integrity verification, pinning, or warning about the trust boundary. If the remote source, repository, DNS/TLS path, or upstream account is compromised, users could execute arbitrary attacker-controlled code on their systems.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README promotes AI-powered document parsing/extraction backed by a public cloud service and also includes remote-install options, but it does not clearly warn users that sensitive documents may leave the local environment or that installer commands execute unreviewed code on the host. In a skill intended for agent use, that omission is dangerous because users or agents may assume local-only processing and may blindly run installation commands, leading to confidentiality and system-integrity risks.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs agents to upload documents to a third-party cloud processing service but does not clearly warn that invoices, IDs, receipts, and HR/admin files may contain highly sensitive personal, financial, or corporate data. In an agent context, this omission is dangerous because an automated system may transmit confidential documents externally without meaningful user awareness or consent, creating privacy, compliance, and data-governance risks.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill recommends storing the API key and API base URL in environment variables for convenience, but it does not provide adequate guidance on secret handling, least privilege, secure storage, or avoiding exposure in logs, shells, process listings, and shared environments. In agent workflows, credentials may be reused automatically, so weak guidance increases the chance of accidental secret leakage or misuse.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The installation section recommends global package installation and direct execution of remotely fetched scripts, but does not warn users or agents about the trust boundary, supply-chain risk, or system-wide changes those commands cause. In an agent context, such instructions can lead to unattended execution of unreviewed code with persistent effects on the host.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The examples instruct users to configure an API key but do not warn that the key is sensitive and should not be hardcoded, logged, or shared in transcripts or screenshots. This creates a realistic risk of credential leakage, especially when an agent may echo commands, store shell history, or expose configuration details in outputs.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The parse and extract examples do not disclose that local files or referenced URLs are sent to a remote service for processing. For a document-processing skill handling invoices, receipts, and identity documents, omission of this warning can cause unintentional transfer of sensitive personal, financial, or business data to an external system.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The batch output section explains that extracted results are written to disk in a user-specified directory, but it does not warn that these files may contain full parsed document contents and errors. On shared machines or poorly controlled directories, this can expose sensitive extracted data to other users or downstream processes.

Ssd 3

Medium
Confidence
93% confidence
Finding
The instruction that an agent must read every generated result file encourages indiscriminate collection of all extracted document contents from the output directory. In this skill's context, those results can include invoices, receipts, contracts, and identity-document data, making broad disclosure to agent responses, logs, or downstream tools significantly more dangerous.

External Script Fetching

Low
Category
Supply Chain
Content
  export PATH="$(npm prefix -g)/bin:$PATH"

  # Method 2: Shell script (Linux / macOS, if npm is not available)
  curl -fsSL https://raw.githubusercontent.com/laiye-ai/adp-cli/main/scripts/adp-init.sh | bash

  # Method 3: PowerShell script (Windows, if npm is not available)
  Invoke-WebRequest -Uri "https://raw.githubusercontent.com/laiye-ai/adp-cli/main/scripts/adp-init.ps1" -OutFile "$env:TEMP\adp-init.ps1"; & "$env:TEMP\adp-init.ps1"
Confidence
96% confidence
Finding
curl -fsSL https://raw.githubusercontent.com/laiye-ai/adp-cli/main/scripts/adp-init.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
  export PATH="$(npm prefix -g)/bin:$PATH"

  # Method 2: Shell script (Linux / macOS, if npm is not available)
  curl -fsSL https://raw.githubusercontent.com/laiye-ai/adp-cli/main/scripts/adp-init.sh | bash

  # Method 3: PowerShell script (Windows, if npm is not available)
  Invoke-WebRequest -Uri "https://raw.githubusercontent.com/laiye-ai/adp-cli/main/scripts/adp-init.ps1" -OutFile "$env:TEMP\adp-init.ps1"; & "$env:TEMP\adp-init.ps1"
Confidence
95% confidence
Finding
| bash

VirusTotal

65/65 vendors flagged this skill as clean.