Finance OCR Pro

Security checks across malware telemetry and agentic risk

Overview

This OCR skill is transparent about sending document page images to a user-configured model endpoint, and its sensitive behavior fits its stated purpose.

Install only if you are comfortable sending document page images and prompts to the configured BASE_URL. For sensitive files, use a trusted local or approved provider endpoint, keep API_KEY out of shared files, pin/update dependencies in your environment, and treat generated HTML reports as untrusted document-derived content before sharing or opening broadly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (21)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly performs sensitive operations: it reads environment variables, reads and writes files, invokes shell commands, and sends document data over the network to a configured OCR endpoint. However, the manifest does not declare permissions for these capabilities, which weakens reviewability and enforcement and can lead users or platforms to underestimate the skill's access and data-exposure surface.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# AI model client
openai>=1.0
python-dotenv>=0.19

# PDF / image processing
Confidence
95% confidence
Finding
openai>=1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# AI model client
openai>=1.0
python-dotenv>=0.19

# PDF / image processing
PyMuPDF>=1.21
Confidence
95% confidence
Finding
python-dotenv>=0.19

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-dotenv>=0.19

# PDF / image processing
PyMuPDF>=1.21
Pillow>=9.0
pdf2image>=1.16
Confidence
95% confidence
Finding
PyMuPDF>=1.21

Unpinned Dependencies

Low
Category
Supply Chain
Content
# PDF / image processing
PyMuPDF>=1.21
Pillow>=9.0
pdf2image>=1.16

# Markdown → HTML rendering
Confidence
95% confidence
Finding
Pillow>=9.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# PDF / image processing
PyMuPDF>=1.21
Pillow>=9.0
pdf2image>=1.16

# Markdown → HTML rendering
markdown2>=2.4
Confidence
94% confidence
Finding
pdf2image>=1.16

Unpinned Dependencies

Low
Category
Supply Chain
Content
pdf2image>=1.16

# Markdown → HTML rendering
markdown2>=2.4

# Markdown → DOCX rendering
python-docx>=0.8.11
Confidence
96% confidence
Finding
markdown2>=2.4

Unpinned Dependencies

Low
Category
Supply Chain
Content
markdown2>=2.4

# Markdown → DOCX rendering
python-docx>=0.8.11
beautifulsoup4>=4.12
lxml>=4.9
latex2mathml>=3.75
Confidence
94% confidence
Finding
python-docx>=0.8.11

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Markdown → DOCX rendering
python-docx>=0.8.11
beautifulsoup4>=4.12
lxml>=4.9
latex2mathml>=3.75
Confidence
94% confidence
Finding
beautifulsoup4>=4.12

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Markdown → DOCX rendering
python-docx>=0.8.11
beautifulsoup4>=4.12
lxml>=4.9
latex2mathml>=3.75

# Markdown → Excel rendering
Confidence
96% confidence
Finding
lxml>=4.9

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-docx>=0.8.11
beautifulsoup4>=4.12
lxml>=4.9
latex2mathml>=3.75

# Markdown → Excel rendering
openpyxl>=3.1
Confidence
93% confidence
Finding
latex2mathml>=3.75

Unpinned Dependencies

Low
Category
Supply Chain
Content
latex2mathml>=3.75

# Markdown → Excel rendering
openpyxl>=3.1
unicodeit>=0.7

# Windows-only Office COM conversion fallback
Confidence
95% confidence
Finding
openpyxl>=3.1

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Markdown → Excel rendering
openpyxl>=3.1
unicodeit>=0.7

# Windows-only Office COM conversion fallback
pywin32>=306; platform_system == "Windows"
Confidence
92% confidence
Finding
unicodeit>=0.7

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
72% confidence
Finding
python-dotenv

Known Vulnerable Dependency: PyMuPDF — 1 advisory(ies): CVE-2026-3029 (PyMuPDF has a path traversal in _main_.py)

Low
Category
Supply Chain
Confidence
66% confidence
Finding
PyMuPDF

Known Vulnerable Dependency: Pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
97% confidence
Finding
Pillow

Known Vulnerable Dependency: markdown2 — 8 advisory(ies): CVE-2009-3724 (Cross-site scripting in markdown2 for python); CVE-2020-11888 (XSS in python-markdown2); CVE-2021-26813 (markdown2 Regular Expression Denial of Service ) +5 more

High
Category
Supply Chain
Confidence
94% confidence
Finding
markdown2

Known Vulnerable Dependency: python-docx — 2 advisory(ies): CVE-2016-5851 (Improper Restriction of XML External Entity Reference in python-docx); CVE-2016-5851 (python-docx before 0.8.6 allows context-dependent attackers to conduct XML Exter)

High
Category
Supply Chain
Confidence
88% confidence
Finding
python-docx

Known Vulnerable Dependency: lxml — 10 advisory(ies): CVE-2021-43818 (lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through); CVE-2014-3146 (lxml Cross-site Scripting Via Control Characters); CVE-2021-28957 (lxml vulnerable to Cross-Site Scripting ) +7 more

High
Category
Supply Chain
Confidence
93% confidence
Finding
lxml

Known Vulnerable Dependency: openpyxl — 2 advisory(ies): CVE-2017-5992 (Improper Restriction of XML External Entity Reference in Openpyxl); CVE-2017-5992 (Openpyxl 2.4.1 resolves external entities by default, which allows remote attack)

High
Category
Supply Chain
Confidence
89% confidence
Finding
openpyxl

Known Vulnerable Dependency: pywin32 — 2 advisory(ies): CVE-2021-32559 (Integer overflow in pywin32); CVE-2021-32559 (An integer overflow exists in pywin32 prior to version b301 when adding an acces)

High
Category
Supply Chain
Confidence
82% confidence
Finding
pywin32

VirusTotal

VirusTotal findings are pending for this skill version.
