Security audit

pdf-ocr-byzhangchong

Security checks across malware telemetry and agentic risk

Overview

This is a local PDF OCR helper whose script and documentation match its stated purpose, with normal cautions around batch file processing and optional scheduling.

Install OCR dependencies from trusted sources, run the script on copies of important PDFs first, and keep batch or scheduled runs pointed only at directories meant for OCR. Watch output folders for repeated files if using daily automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill explicitly instructs the agent to execute a Python script via the shell, but it declares no permissions or capability boundaries. This creates an authorization gap: downstream systems or reviewers may treat the skill as low-risk documentation while it can actually invoke local command execution on arbitrary file paths.

VirusTotal

67/67 vendors flagged this skill as clean.