Security audit

Tesseract OCR Image Text Extraction

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward OCR helper, with normal cautions around remote image URLs and installing its Node dependency.

Use local files for sensitive images. Only pass image URLs you trust, and be aware that installing the skill dependency downloads third-party code and creates or modifies npm files in the skill directory.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly supports OCR on image URLs but does not warn that fetching a remote URL causes network access and may disclose sensitive image contents, request metadata, or internal URLs if users pass private resources. In a security-sensitive agent setting, this omission can lead users to process confidential screenshots or documents through unintended remote retrieval paths without understanding the privacy implications.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The installation step instructs the agent to run npm initialization and install a package from the network without disclosing that this changes the filesystem and executes package-manager behavior on untrusted external code. In an agent environment, hidden install side effects increase supply-chain and environment-modification risk, especially when performed automatically under a privileged workspace path.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.