ucloud-deepseek-ocr

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward cloud OCR helper that uploads a user-selected image to a configured API, with privacy caveats but no evidence of hidden, destructive, or deceptive behavior.

Install only if you are comfortable sending the specific images you process to the configured OCR API. Check DEEPSEEK_OCR_API_URL before use, keep DEEPSEEK_OCR_API_KEY private, avoid sensitive images unless the provider is approved for them, and make sure ~/.openclaw-env is trusted before the script sources it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill invokes a shell script and requires command-line tools, but it does not declare permissions for shell execution. That creates a transparency and policy-enforcement gap: users or orchestrators may not realize the skill can execute local commands, reducing auditability and increasing risk if the script is later modified or misused.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation presents OCR on local images without clearly warning that the image contents are transmitted to a remote third-party API. This can cause users to send sensitive screenshots, IDs, medical documents, or proprietary images off-device without informed consent, which is especially risky in an OCR skill because the whole purpose is to process potentially sensitive visual data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends the full image contents to a third-party OCR endpoint without any explicit notice, consent prompt, or dry-run indication at execution time. Because images may contain sensitive screenshots, documents, credentials, or personal data, this can cause unintended data disclosure even though remote OCR is part of the feature's purpose.

External Transmission

Medium
Category
Data Exfiltration
Content
}
```

Default API URL: `https://api.modelverse.cn/v1/chat/completions`
Override with `DEEPSEEK_OCR_API_URL` if needed.
Confidence
88% confidence
Finding
https://api.modelverse.cn/

External Transmission

Medium
Category
Data Exfiltration
Content
PROMPT="convert to $FORMAT"

# Send the request
RESPONSE=$(curl -s "$API_URL" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $DEEPSEEK_OCR_API_KEY" \
  -d @- <<EOF
Confidence
95% confidence
Finding
curl -s "$API_URL" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $DEEPSEEK_OCR_API_KEY" \ -d

VirusTotal

65/65 vendors flagged this skill as clean.
