ifly-pdf-image-ocr

Security checks across malware telemetry and agentic risk

Overview

This OCR skill does what it advertises, but users should understand that selected images and PDFs are sent to iFlytek’s remote OCR service.

Install only if you are comfortable sending chosen images or PDFs to iFlytek for OCR. Use dedicated iFlytek credentials where possible, avoid confidential documents unless your policy permits third-party processing, and review any returned download URLs or saved output paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation indicates use of environment variables, file output, and outbound network access, but no declared permissions are present. This creates a transparency and policy-enforcement gap: users and the platform may not realize the skill can read secrets, send document contents to an external service, and write extracted data locally. In an OCR skill, these capabilities are expected, but undeclared capabilities still increase risk because they affect sensitive user files and credentials.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The description uses broad trigger language such as handling 'any OCR tasks' and converting PDFs/images in general, which can cause the skill to activate for ordinary file-processing requests without clear user intent. In this context, overbroad matching is dangerous because activation leads to sending document contents to a third-party OCR provider, potentially exposing sensitive files unexpectedly.

Missing User Warnings

High
Confidence
97% confidence
Finding
The documentation describes OCR against iFlytek APIs but does not clearly warn that uploaded images, PDFs, and extracted text are transmitted to a third-party service. This is a significant privacy issue because users may submit confidential documents, and the skill context makes the risk higher since OCR inputs often contain IDs, contracts, financial records, or other sensitive data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code base64-encodes the full image and sends it to a third-party OCR endpoint, but the script does not explicitly warn the user that local file contents will leave the machine. This creates a privacy and data-handling risk, especially if users process sensitive documents such as IDs, contracts, or medical records under the assumption that OCR happens locally.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code uploads a local PDF file or sends a PDF URL to an external OCR API, which can expose potentially sensitive document contents to a third party without any explicit notice or consent mechanism in the tool itself. Because this skill's purpose is OCR, remote processing is contextually expected, but the lack of a clear disclosure still creates a real privacy and data-handling risk, especially for confidential documents.

External Transmission

Medium
Category
Data Exfiltration
Content
auth_url = self._generate_auth_url()

        # Send request
        response = requests.post(
            auth_url,
            json=request_data,
            headers={"Content-Type": "application/json"},
Confidence
91% confidence
Finding
requests.post( auth_url, json=

VirusTotal

66/66 vendors flagged this skill as clean.
