Security audit

PDF OCR Parse

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward wrapper for a hosted PDF OCR API, but users should treat uploaded documents as being processed by a third party.

Install only if you are comfortable sending the selected PDF, uploaded file, or PDF URL to pdfapihub.com using your API key. Avoid confidential, regulated, or production documents until you have reviewed the provider's privacy, retention, and security terms, and use a dedicated API key that can be rotated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The skill description says it extracts text using local Tesseract OCR, but the example actually sends the document URL to a third-party API service. This mismatch is dangerous because users may assume documents are processed locally while sensitive PDF contents are transmitted off-system, creating privacy, compliance, and data handling risks.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The example sends document data to an external network service even though the stated skill description emphasizes Tesseract OCR, which commonly implies local processing. In the context of OCR on potentially sensitive PDFs such as invoices, contracts, or IDs, exfiltration to an outside service can expose confidential information and expand the trust boundary without clear justification.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs users to provide a PDF via URL, base64, or file upload and to authenticate to a third-party service, but it does not clearly disclose that document contents will be transmitted off-platform to pdfapihub.com for OCR processing. This creates a real data-handling and privacy risk because users may submit sensitive invoices, legal, insurance, or medical documents without informed consent about external sharing.

Missing User Warnings

Medium
Confidence: 91%
Finding
The manifest sends either a PDF URL or full PDF content to a third-party remote OCR service, but it does not disclose that potentially sensitive document contents will leave the local environment and be processed externally. This creates a real privacy and data-governance risk, especially for scanned documents that may contain PII, financial, legal, or medical information, and users may unknowingly expose confidential material.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.