ClawHub

夸克扫描王 OCR文字识别 - yescan ocr universal

Security checks across malware telemetry and agentic risk

Overview

This OCR skill is coherent and disclosed, but it sends submitted images and an API key to Quark’s OCR service, so sensitive documents need care.

Install only if you trust the publisher and Quark’s OCR service with the images you submit. Use a dedicated or revocable API key where possible, monitor quota usage, and avoid sending highly sensitive identity, medical, financial, or business documents unless third-party processing is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The documented skill scope is OCR, but the implementation reportedly supports additional image transformation, document export, and binary file write operations that are not disclosed in SKILL.md. This broadens the attack surface and can surprise users by causing local file creation or data transformation beyond simple text extraction, especially when handling sensitive identity, medical, or financial documents.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The saver methods accept a caller-provided filepath and pass it directly to open() after creating parent directories, with no restriction that the destination remain under the intended temp/output directory. If untrusted input can reach these methods, an attacker can overwrite arbitrary writable files on the host, which is especially risky in an OCR skill that processes external content and may run with access to shared temp space or application files.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The client reads local files or accepts base64/image URLs and unconditionally transmits the image contents to a remote OCR API. In an OCR skill that commonly handles IDs, invoices, medical reports, and other sensitive documents, this creates a real privacy and data-governance risk if users are not clearly informed that document contents leave the local environment.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This code loads API credentials and transmits user-supplied OCR content to a remote OCR service, but this file provides no explicit user-facing notice, consent flow, or data-sensitivity warning before sending potentially sensitive documents. In the context of this skill, the risk is elevated because it is specifically designed to process IDs, licenses, medical reports, invoices, and other highly sensitive personal or financial documents.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal