Security audit

Tesseract OCR Image Text Extraction

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward OCR helper, with normal cautions around remote image URLs and installing its Node dependency.

Use local files for sensitive images. Only pass image URLs you trust, and be aware that installing the skill dependency downloads third-party code and creates or modifies npm files in the skill directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly supports OCR on image URLs but does not warn that fetching a remote URL causes network access and may disclose sensitive image contents, request metadata, or internal URLs if users pass private resources. In a security-sensitive agent setting, this omission can lead users to process confidential screenshots or documents through unintended remote retrieval paths without understanding the privacy implications.

Missing User Warnings

Medium
Confidence: 96%
Finding
The installation step instructs the agent to run npm initialization and install a package from the network without disclosing that this changes the filesystem and executes package-manager behavior on untrusted external code. In an agent environment, hidden install side effects increase supply-chain and environment-modification risk, especially when performed automatically under a privileged workspace path.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.