Back to skill

Security audit

Image Reader

Security checks across malware telemetry and agentic risk

Overview

This is a local OCR helper that reads user-provided images and does not show hidden uploads, persistence, credential use, or destructive behavior.

Install only if you are comfortable using RapidOCR, ONNX Runtime, and Pillow and allowing OCR models to download on first use. Avoid processing images containing passwords, financial data, private documents, or confidential screenshots unless you intend the agent to extract that text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The activation description is broad enough that the skill may trigger whenever an image is present and the agent 'needs to understand' text, not only when the user explicitly requests OCR. This can cause unnecessary processing of screenshots, documents, receipts, or photos that may contain sensitive text, increasing privacy and data-minimization risk without clear user intent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documentation promotes OCR on screenshots, documents, and receipts but does not warn that uploaded images may contain passwords, personal data, financial information, or other sensitive text. In this context, missing disclosure and cautionary guidance makes inadvertent collection and processing of sensitive content more likely.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.