Back to skill

Security audit

批量身份证 OCR 提取工具 (导出 TXT 版)

Security checks across malware telemetry and agentic risk

Overview

This skill performs the advertised ID-card OCR workflow, but it handles very sensitive identity data and should only be used with clear authorization.

Install only if you are authorized to process the ID cards. Use a dedicated Tencent Cloud key with the narrowest OCR permissions available, avoid public or long-lived image URLs, review Tencent's data-handling terms, and delete the generated TXT attachment when it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill processes extremely sensitive personal data: ID card images, names, sex, and national ID numbers. The description mentions environment-variable handling for API keys but does not clearly warn users that images and extracted PII will be transmitted to Tencent Cloud OCR and then returned in a downloadable TXT file, which increases the risk of uninformed disclosure, improper handling, and downstream leakage.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill sends ID-card images, which contain highly sensitive personal data, to a third-party cloud OCR service using URLs supplied at runtime, but the code contains no consent flow, disclosure, minimization, or validation controls. In an agent/skill context, users may not realize their identity documents are being transmitted off-platform to Tencent Cloud, creating significant privacy, compliance, and unauthorized data-processing risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill writes extracted PII including name, sex, and ID number to a plaintext file in /tmp, then returns that file for downstream delivery. Even though /tmp is the writable area in SCF, storing sensitive identity data unencrypted in a temporary local file increases exposure through logs, reuse of the execution environment, unintended attachment handling, or other components with filesystem access.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.