Back to skill

Security audit

Chinese Handwriting Ocr

Security checks across malware telemetry and agentic risk

Overview

This is a local OCR toolkit with privacy caveats, but I found no hidden exfiltration, destructive behavior, or automatic privileged action.

Install and run this only in a trusted local environment, preferably a virtualenv. Treat generated PDFs, annotations, text files, logs, training data, and temporary images as sensitive when source PDFs are sensitive. Verify each script's --help output before relying on README engine examples, and avoid the broad PowerShell process-kill command unless you have confirmed it targets only the intended OCR process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The code claims to embed OCR text as metadata or a text layer, but it also adds PDF annotations containing the extracted OCR text. Annotations are much more likely to be user-visible and easily extractable, which can unintentionally disclose sensitive text from processed documents to downstream viewers, reviewers, or systems.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly promotes extraction of dates, signatures, and employee IDs from documents, which are sensitive personal or corporate identifiers, but provides no warning about privacy, consent, retention, or secure handling. In an OCR skill focused on document processing, this omission increases the risk that users will deploy it on personal records without safeguards, leading to privacy violations or misuse of extracted data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code writes full-page rendered document images to a path under the TEMP environment directory before OCR. These images can contain sensitive document contents and may remain accessible to other local users or processes if deletion fails, the process crashes, or the temp directory has weak permissions. In an OCR skill that processes handwritten dates from PDFs, this is a real privacy and data-exposure risk because the source documents may contain personal or business information beyond the target date field.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The second OCR stage also writes cropped page content to a temporary PNG on disk, again exposing document-derived data outside the main processing flow. Although the crop is narrower than the full page, it still contains potentially sensitive handwritten date and nearby contextual content, and the same residual-file and temp-directory exposure issues apply. The skill context increases concern because OCR commonly handles scanned forms, IDs, contracts, or records with confidential information.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.