ClawHub

试验图片数据提取

Security checks across malware telemetry and agentic risk

Overview

This image-table extraction skill appears useful, but it sends uploaded images to a third-party service without clear user-facing disclosure or consent guidance.

Install only if you are comfortable having the images you process sent to the stated third-party OCR provider. Avoid using it on confidential, regulated, or customer data unless the publisher documents the provider, retention policy, and consent flow, and handle any API key as a secret that should not be pasted into chat or stored in shell profiles unnecessarily.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill uploads the user-supplied image to a third-party service at kpp.ketop.cn for processing, but the skill description presents itself as a table-extraction utility without clearly disclosing that user data leaves the local environment. This creates a real privacy and data-handling risk because images may contain sensitive business, personal, or regulated information, and users cannot give informed consent if the remote transfer is hidden.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger conditions are broad and loosely defined, which can cause the skill to activate in contexts the user did not clearly intend. In a skill that processes uploaded images and extracts table contents, overbroad activation increases the chance of unintended handling of sensitive images or misrouting user requests to this skill.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs the system to analyze user-uploaded images and extract their contents without any notice about privacy, retention, third-party model usage, or handling of potentially sensitive data. Because images may contain personal, financial, medical, or proprietary information, silent processing can expose users to unintended disclosure and compliance risk.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill instructs the operator to obtain a secret key and place it into an environment variable for subsequent command execution, but provides no guidance on secure handling, redaction, storage lifetime, or avoiding disclosure in logs and process environments. In an agent or shared execution context, this increases the risk of credential exposure, unintended reuse, or leakage to subprocesses and diagnostics.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code sends raw image contents to a remote endpoint without any visible warning, consent flow, or privacy notice. Because table images can contain confidential records, invoices, lab results, or internal data, undisclosed upload to a third party can cause unauthorized disclosure and compliance issues even if the endpoint uses HTTPS.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal