Security audit

Document Recognition - Table Recognition (invoice-ocr-xy), Xiangyun Platform

Security checks across malware telemetry and agentic risk

Overview

This OCR skill matches its stated purpose, but it needs review because it asks for API secrets in chat and uploads selected documents to an external OCR service.

Install only if you are comfortable sending chosen documents to netocr.com/Xiangyun. Prefer entering credentials through the local --config flow rather than chat, protect or delete config.json after use, and avoid processing IDs, contracts, financial records, or other confidential documents unless the provider and billing model are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The script base64-encodes document contents and sends them to a third-party OCR service, but it does not present an explicit warning or confirmation at the point of use that sensitive document contents will leave the local environment. In an agent skill context, users may reasonably assume local processing, so this creates a meaningful data disclosure risk for confidential PDFs, IDs, contracts, or internal records.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The script stores OCR API credentials in a plaintext config.json file without warning the user or applying file-permission hardening. This increases the chance that secrets are exposed through local compromise, accidental inclusion in backups or repositories, or other users on the same system reading the file.

Ssd 3

Severity: Medium
Confidence: 96%
Finding
The skill instructs the agent to proactively request netocr_key and netocr_secret directly in chat, which encourages users to disclose secrets in conversation channels that may be logged, retained, or exposed to other tooling. This is more dangerous in context because the skill also sends documents to an external OCR service, combining sensitive file handling with unsafe secret collection practices.

VirusTotal

65/65 vendors reported this skill as clean.