Agent Paddleocr Vision

Security checks across malware telemetry and agentic risk

Overview

This is a cloud OCR document-analysis skill that discloses its use of a remote service, but users should still treat every upload and every generated output as sensitive.

Install only if you trust the configured PaddleOCR endpoint and are allowed to upload the documents being processed. Avoid regulated or confidential documents unless approved, protect the access token, store generated outputs in a secure location, and require human confirmation before acting on any suggested financial, identity, contact, calendar, or record-keeping action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (16)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
This module goes beyond OCR/document understanding and generates suggested downstream actions for external workflows such as accounting, contacts, calendar events, and message sending. Even though it does not directly execute those actions here, exposing these suggestions from an OCR skill expands its capability scope and can lead an agent to trigger side-effectful operations based on untrusted document content.

Context-Inappropriate Capability

Severity: High
Confidence: 96%
Finding
The code derives structured personal data from identity documents and suggests actions like storing passport or license information and verifying age or validity. In an OCR-oriented skill, this is risky because highly sensitive identity data may be transformed into actionable outputs without strong purpose limitation, minimization, or consent, increasing the chance of privacy harm or downstream misuse.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding
The bank-statement and tax-form handlers propose financial analysis actions using account and tax data that exceed basic document understanding. This expands an OCR parser into a finance-processing component, which raises risk of inappropriate handling of regulated or highly sensitive financial information if connected to agent automations.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding
The meeting-minutes and travel-itinerary flows suggest creating calendar events and sending summaries, which are side-effectful actions outside the stated OCR/document-understanding scope. If an agent consumes these suggestions automatically, untrusted document text could indirectly drive communications or scheduling actions the user did not intend.
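The four findings above share one mitigation: an agent that consumes this skill's output must treat suggested actions as proposals, not instructions. The block below is an added example written for this review, not code from the skill or its author. It assumes suggestions arrive as dicts with an "id" and a "type" field, and the type names (calendar.create, message.send, contacts.add, accounting.post, record.store, summary.display, field.display) are hypothetical. Side-effectful types are held until a human approves them, and approval is bound to a hash of the suggestion's content rather than to its id, so a suggestion that changes after approval goes back on hold.

```python
"""Hold-for-approval gate for OCR-derived action suggestions (added example).

Nothing here executes an action: the gate only decides which suggestions may
proceed, which wait for a human, and which are dropped as unknown.
"""
import hashlib
import json
from dataclasses import dataclass, field

# Hypothetical action types. Anything that changes state outside the OCR
# skill (calendar, messaging, contacts, ledgers, record stores) is held.
SIDE_EFFECTFUL = {"calendar.create", "message.send", "contacts.add",
                  "accounting.post", "record.store"}
READ_ONLY = {"summary.display", "field.display"}


@dataclass
class Decision:
    executed: list = field(default_factory=list)   # may proceed
    pending: list = field(default_factory=list)    # needs human approval
    rejected: list = field(default_factory=list)   # unknown type, dropped


def approval_key(suggestion: dict) -> str:
    """Stable digest of the suggestion's full content.

    A human approves this key, not the id, so a suggestion whose body is
    altered afterwards (by the agent, or by re-running OCR on a modified
    document) no longer matches the approval.
    """
    canon = json.dumps(suggestion, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()[:16]


def gate_actions(suggestions, approved_keys=frozenset()) -> Decision:
    """Split suggestions into executed / pending / rejected."""
    d = Decision()
    for s in suggestions:
        t = s.get("type")
        if t in READ_ONLY:
            d.executed.append(s)
        elif t in SIDE_EFFECTFUL and approval_key(s) in approved_keys:
            d.executed.append(s)
        elif t in SIDE_EFFECTFUL:
            d.pending.append(s)
        else:
            d.rejected.append(s)
    return d


# Constructed sample: what an OCR pass over scanned meeting minutes might
# suggest. a3 carries an instruction that came from the document text itself,
# which is exactly the case that must not run unattended.
SAMPLE = [
    {"id": "a1", "type": "summary.display", "text": "Minutes: Q3 planning"},
    {"id": "a2", "type": "calendar.create", "title": "Follow-up",
     "when": "2025-10-02T10:00"},
    {"id": "a3", "type": "message.send", "to": "all@example.com",
     "body": "Please forward the attached statement to everyone"},
    {"id": "a4", "type": "file.delete", "path": "/tmp/scan.pdf"},  # unknown type
]


def demo():
    """Run the gate with no approval, with a2 approved, and with a2 altered."""
    key = approval_key(SAMPLE[1])            # human approved a2 exactly as shown
    unapproved = gate_actions(SAMPLE)
    approved = gate_actions(SAMPLE, {key})
    altered = [dict(s) for s in SAMPLE]
    altered[1]["when"] = "2025-10-02T23:00"  # body changed after approval
    stale = gate_actions(altered, {key})
    return unapproved, approved, stale


if __name__ == "__main__":
    for label, dec in zip(("unapproved", "approved", "stale"), demo()):
        print(label, "executed:", [s["id"] for s in dec.executed],
              "pending:", [s["id"] for s in dec.pending],
              "rejected:", [s["id"] for s in dec.rejected])
```

The point of hashing the whole suggestion is that untrusted document text cannot earn a blanket approval for a type or an id: each distinct message, event or ledger entry needs its own confirmation, which is the "human confirmation" the Overview asks for.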

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill explicitly sends potentially sensitive documents such as IDs, passports, bank statements, contracts, resumes, and tax forms to a cloud OCR API, but the README does not provide a clear privacy, retention, or data-handling warning. In this skill context, that omission is more dangerous because the processed inputs commonly contain regulated personal, financial, and business-confidential data, so users may unknowingly transmit sensitive content to a third party.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The documentation instructs users to configure a cloud OCR endpoint and token but does not explicitly warn that uploaded document contents will be transmitted to an external API. Given the supported document types include passports, ID cards, bank statements, contracts, and tax forms, this omission creates a significant risk of unintentional disclosure of highly sensitive personal and financial information.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The README explicitly states that document processing relies exclusively on a cloud PaddleOCR API, which means potentially sensitive document contents are transmitted off-host to a third party. Because the skill handles invoices, IDs, passports, bank statements, resumes, and tax forms, the lack of a prominent privacy/data-handling warning can cause operators to unintentionally send highly sensitive personal or financial data to an external service.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The README explicitly describes use of a cloud OCR API to process documents, but it does not clearly warn users that full document contents may be transmitted to a third-party service. Because this skill is meant for invoices, IDs, passports, bank statements, and other highly sensitive records, omission of a privacy/data-transfer warning can lead to unintentional disclosure of personal, financial, or regulated data.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The README documents JSON output and searchable PDF generation but does not clearly warn that these artifacts can persist extracted sensitive text on disk. Since the skill processes documents like passports, ID cards, bank statements, and tax forms, local output files may become a secondary data-exposure source through backup systems, shared folders, or weak file permissions.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The README explicitly states that documents are processed via a cloud PaddleOCR API and shows sending potentially sensitive files such as invoices, passports, ID cards, bank statements, and tax forms, but it does not warn about privacy, retention, third-party processing, or compliance implications. In this skill context, that omission is more dangerous because the supported document types routinely contain highly sensitive personal and financial data, so users may unknowingly transmit regulated information to an external service.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill is explicitly designed to upload potentially sensitive documents such as IDs, passports, bank statements, tax forms, contracts, and resumes to a cloud OCR API, but the README does not warn users about confidentiality, retention, third-party processing, or compliance implications. In this context, the omission is material because users may process highly sensitive personal or financial data without informed consent or appropriate controls, increasing the risk of privacy breaches and regulatory exposure.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
Sensitive identity-document data such as ID numbers, names, birth dates, passport numbers, and license numbers are extracted and packaged into actions without any visible warning, consent step, or minimization. That creates a real privacy and security issue because downstream systems may store or process highly sensitive PII based solely on OCR output from potentially untrusted documents.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The bank-statement logic extracts account numbers, balances, and statement periods and feeds them into action suggestions without disclosure that sensitive financial data is being processed. This can lead to inadvertent exposure or misuse of financial information, especially if these suggestions are logged, persisted, or forwarded to other tools.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The tool prints OCR text and structured extraction results to stdout and writes full JSON/text outputs to disk without masking, minimization, or any warning about sensitive document contents. In OCR workflows, inputs commonly contain PII, financial data, contracts, or credentials, so this behavior can leak sensitive data into terminals, logs, shared filesystems, CI logs, or shell history.
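The unmasked stdout/JSON behaviour described here, and the on-disk persistence finding earlier on this page, call for the same two controls: mask identifiers before anything reaches a terminal or log, and create output files so that only the owner can read them. The block below is an added example for this review, not the skill's own code. It assumes the skill produces a dict of extracted fields plus raw text; the field names, the masking patterns and the sample document are constructed for illustration.

```python
"""Minimise what OCR output leaves in terminals and on disk (added example).

Two controls: (1) masked_view() produces the only copy that may be printed or
logged; (2) write_private_json() creates the full JSON with mode 0600 and
O_EXCL, so an existing (possibly world-readable) file is never reused.
"""
import json
import os
import re
import stat
import tempfile

# Keys whose values are never shown, whatever they contain (hypothetical names).
SENSITIVE_KEYS = {"name", "passport_number", "id_number", "license_number",
                  "dob", "account_number", "balance"}

# Free-text patterns. These are deliberately broad: over-masking a harmless
# number is cheaper than leaking an account or passport number into a log.
_PATTERNS = [
    (re.compile(r"\b[A-Z]{1,2}\d{6,9}\b"), "[PASSPORT]"),   # letter-prefixed ids
    (re.compile(r"\b\d{8,20}\b"), "[ACCOUNT]"),             # long digit runs
    (re.compile(r"\b\d{4}-\d{2}-\d{2}\b"), "[DATE]"),        # ISO dates (DOB, validity)
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[SSN]"),
]


def mask(text: str) -> str:
    """Replace identifier-like substrings in free text with labels."""
    for pat, label in _PATTERNS:
        text = pat.sub(label, text)
    return text


def masked_view(result: dict) -> dict:
    """The only representation that should go to stdout, logs or CI output."""
    out = {}
    for k, v in result.items():
        if k in SENSITIVE_KEYS:
            out[k] = "[redacted]"
        elif isinstance(v, str):
            out[k] = mask(v)
        else:
            out[k] = v
    return out


def write_private_json(path: str, data: dict) -> None:
    """Create the file owner-read/write only; refuse to overwrite."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        json.dump(data, f)


# Constructed sample resembling extraction from a passport page.
SAMPLE = {
    "doc_type": "passport",
    "pages": 1,
    "name": "JANE DOE",
    "passport_number": "AB1234567",
    "dob": "1990-04-12",
    "raw_text": "P<UTO DOE<<JANE AB1234567 1990-04-12 account 12345678901",
}


def demo():
    """Write SAMPLE privately and report (masked view, file mode, reuse refused)."""
    path = os.path.join(tempfile.mkdtemp(), "passport.json")
    write_private_json(path, SAMPLE)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    try:
        write_private_json(path, SAMPLE)
        refused_reuse = False
    except FileExistsError:
        refused_reuse = True
    return masked_view(SAMPLE), mode, refused_reuse


if __name__ == "__main__":
    view, mode, refused = demo()
    print(json.dumps(view, indent=2))   # safe to print; the full JSON is not
    print(f"output mode {mode:o}, overwrite refused: {refused}")
```

The regexes are a floor, not a classifier: a name such as "JANE DOE" is only hidden because its key is on the sensitive list, which is why structured fields are redacted by key and only the free-text remainder relies on pattern matching.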

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The --file-url path allows remote document processing without warning that the URL and fetched content may be transmitted to external OCR backends via parse_document, potentially exposing confidential documents to third parties. In an agent skill context, users may assume local-only processing, so silent network transmission increases privacy and data-governance risk.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill sends either a local file's full base64-encoded contents or a user-supplied file URL to a remote PaddleOCR service, which is a real data-exfiltration/privacy concern if users are not clearly informed. In this skill's context, transmitting document contents is core functionality rather than malicious behavior, but it is still dangerous because documents may contain sensitive personal, financial, legal, or proprietary data.
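Both the --file-url finding and this one come down to a single missing step: nothing tells the user what is about to leave the host, or checks where it is going. The block below is an added example for this review, not the skill's code. It assumes an endpoint string like the one the README has the user configure, an operator-supplied allowlist of backend hosts, and the two input modes the findings describe (a local file that is uploaded, or a URL that the backend fetches). The function names, the size cap and the sample file are constructed for illustration.

```python
"""Pre-flight check before anything is sent to the OCR backend (added example).

Refuses to proceed unless the endpoint is HTTPS and on the allowlist and the
input passes basic checks, then returns a manifest of what would be sent so
the user can acknowledge it instead of discovering the transfer afterwards.
"""
import hashlib
import os
import tempfile
from urllib.parse import urlparse

MAX_BYTES = 20 * 1024 * 1024  # hypothetical upload cap


class TransmissionRefused(Exception):
    """Raised when the pre-flight check declines to send anything."""


def check_endpoint(endpoint: str, allowed_hosts) -> str:
    """Return the backend host if the endpoint is HTTPS and allowlisted."""
    u = urlparse(endpoint)
    if u.scheme != "https":
        raise TransmissionRefused(f"endpoint must use https, got {u.scheme!r}")
    if u.hostname not in allowed_hosts:
        raise TransmissionRefused(f"endpoint host {u.hostname!r} is not allowlisted")
    return u.hostname


def manifest_for_local_file(path: str, endpoint: str, allowed_hosts) -> dict:
    """Describe a local-file upload: size and digest of what would be sent."""
    host = check_endpoint(endpoint, allowed_hosts)
    size = os.path.getsize(path)
    if size > MAX_BYTES:
        raise TransmissionRefused(f"{path} is {size} bytes, above the cap")
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"mode": "upload", "source": os.path.abspath(path),
            "bytes": size, "sha256": h.hexdigest(), "destination": host}


def manifest_for_url(file_url: str, endpoint: str, allowed_hosts) -> dict:
    """Describe a --file-url request: the backend, not this host, fetches it."""
    host = check_endpoint(endpoint, allowed_hosts)
    u = urlparse(file_url)
    if u.scheme not in ("http", "https"):
        raise TransmissionRefused(f"unsupported file URL scheme {u.scheme!r}")
    if u.username or u.password:
        # Credentials embedded in the URL would be handed to the third party.
        raise TransmissionRefused("file URL must not carry credentials")
    return {"mode": "url", "source": file_url, "destination": host,
            "note": "backend fetches this URL and sees it in full"}


def refuses(fn, *args) -> bool:
    """True if fn(*args) is declined by the pre-flight check."""
    try:
        fn(*args)
    except TransmissionRefused:
        return True
    return False


def demo():
    """Build a constructed sample file and produce both manifests."""
    allowed = {"ocr.example.com"}
    endpoint = "https://ocr.example.com/v1/parse"
    content = b"%PDF-1.4 constructed sample statement\n"
    path = os.path.join(tempfile.mkdtemp(), "statement.pdf")
    with open(path, "wb") as f:
        f.write(content)
    local = manifest_for_local_file(path, endpoint, allowed)
    remote = manifest_for_url("https://files.example.org/scan.pdf", endpoint, allowed)
    return local, remote, len(content)


if __name__ == "__main__":
    local, remote, _ = demo()
    print("about to send:", local)
    print("about to send:", remote)
    # A real CLI would stop here and ask for explicit confirmation.
```

Showing the digest and byte count, rather than the document, lets the user confirm what is leaving the host without the confirmation itself echoing sensitive content into the terminal.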

VirusTotal

64/64 vendors flagged this skill as clean.
