When dealing with text within an image, the system automatically recognizes it as an OCR (Optical Character Recognition) task and applies the corresponding capabilities.

Security checks across malware telemetry and agentic risk

Overview

This is a local Tesseract OCR helper whose files and examples match its stated image-to-text purpose, with privacy cautions for images from message caches or sensitive documents.

Install if you want a local OCR workflow using Tesseract. Use it on images you intentionally select, verify OCR results before relying on financial data, and avoid automatically processing Telegram or other inbound media unless you are comfortable converting those images into visible or saved text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill documents shell execution and reading local files/images, but it does not declare equivalent permissions or capability boundaries. That mismatch weakens policy enforcement and user awareness, making it easier for the skill to access local data or invoke commands in contexts where such behavior was not explicitly approved.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 91%
Finding: The stated purpose is OCR extraction, but the examples go further into financial-content parsing, keyword filtering, entity extraction, environment inspection, and lightweight analysis. This behavioral expansion can cause operators to grant or use the skill more broadly than intended, increasing the chance of processing sensitive data or making decisions based on undocumented analysis features.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding: The examples create output files in the local filesystem without warning about overwrite behavior, storage location, or sensitivity of extracted text. OCR output can contain confidential information, and writing it silently to disk can leave recoverable artifacts or overwrite existing files if naming is reused or adapted unsafely.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The Telegram example automatically selects the latest inbound image from a media directory and processes it without any privacy or trust boundary checks. Inbound messaging media may contain sensitive or attacker-controlled content, so encouraging automatic OCR on that directory increases the risk of unintended data processing and leakage.

VirusTotal

66/66 vendors flagged this skill as clean.
