Baidu Ocr

Security checks across malware telemetry and agentic risk

Overview

This OCR skill performs the expected Baidu cloud OCR workflow, but it embeds Baidu credentials and under-discloses that user-selected images are uploaded to a third party.

Review carefully before installing. Use only a revised version that removes embedded Baidu credentials, rotates any exposed keys, loads your own least-privilege OCR credentials from secure configuration, and clearly warns users that selected images are uploaded to Baidu for OCR processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation indicates the tool depends on external Baidu OCR APIs and therefore has network capability, but no explicit permission/notice is declared for that behavior. This creates a transparency and policy gap: users may invoke the skill expecting local OCR processing while their data is actually transmitted off-host to a third party.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The described behavior does not fully match the reported implementation: according to the finding, the code hardcodes API credentials, uploads local image contents to Baidu cloud, and only performs general OCR despite claiming table/formula support. Hardcoded secrets and undisclosed cloud upload materially increase risk, while misleading capability claims can cause users to expose sensitive documents under false assumptions about how and where processing occurs.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The guide exposes an active API key and documents several unrelated Baidu AI permissions such as dish, car, animal, plant, and flower classification even though the skill is presented as OCR-only. This expands the apparent capability scope, may encourage over-privileged configuration, and leaks sensitive credential material that could be reused against unrelated services.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Including unrelated image-classification capabilities in an OCR activation guide normalizes broader access than the skill's stated purpose requires. In combination with the exposed credential context, this can mislead users into trusting an over-scoped integration and increases the blast radius if the key is abused.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill description does not clearly warn that provided images are sent to Baidu's external OCR API. For OCR workflows, inputs often contain sensitive documents, IDs, contracts, or screenshots, so failing to disclose third-party transmission can lead to unintended data exposure and privacy/compliance issues.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script reads a local image and transmits its full contents to Baidu's remote OCR API, but the CLI flow does not clearly warn users that potentially sensitive data will leave the local system. In a skill context, users may process IDs, invoices, screenshots, or confidential documents, so silent exfiltration to a third-party service creates a real privacy and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.
