Online Deepseek-OCR

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward cloud OCR skill that sends only user-chosen images or image URLs to a configured OCR API, with no evidence of hidden or unrelated behavior.

Install this only if you are comfortable sending chosen screenshots, document photos, or image URLs to the configured SiliconFlow-compatible endpoint. Use a dedicated limited API key, keep config.json private, and consider installing in an isolated environment with pinned dependency versions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (10)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly describes use of a cloud OCR model but does not clearly warn users that supplied images or image URLs will be transmitted to a third-party remote service for processing. This can lead to unintended disclosure of sensitive screenshots, documents, or private URLs, especially because OCR inputs commonly contain credentials, personal data, or internal business information.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The setup instructions tell users to store the API key in a local config.json file but provide no warning about protecting that file from source control, sharing, or improper permissions. This increases the chance of credential leakage through accidental commits, backups, screenshots, or multi-user systems, which could enable unauthorized API use and billing abuse.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code transmits either a user-supplied image URL or locally processed image content to a third-party OCR API, but the CLI and code provide no explicit notice or consent mechanism before sending potentially sensitive image data off-device. In an OCR skill, images often contain personal, financial, or confidential information, so silent remote transmission creates a real privacy and data-handling risk even if the feature is intentional.

External Transmission

Medium
Category
Data Exfiltration
Content
        max_retries = 5
        for attempt in range(max_retries):
            try:
                response = requests.post(
                    f"{self.base_url}/chat/completions",
                    headers=headers,
                    json=payload,
Confidence
95% confidence
Finding
requests.post( f"{self.base_url}/chat/completions", headers=headers, json=

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
Pillow>=9.0.0
numpy>=1.21.0
Confidence
97% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
Pillow>=9.0.0
numpy>=1.21.0
Confidence
97% confidence
Finding
Pillow>=9.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
Pillow>=9.0.0
numpy>=1.21.0
Confidence
97% confidence
Finding
numpy>=1.21.0

Known Vulnerable Dependency: requests — 10 advisories: CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
72% confidence
Finding
requests

Known Vulnerable Dependency: Pillow — 10 advisories: CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
86% confidence
Finding
Pillow

Known Vulnerable Dependency: numpy — 10 advisories: CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more

Critical
Category
Supply Chain
Confidence
80% confidence
Finding
numpy

VirusTotal

64/64 vendors flagged this skill as clean.
