Birth Medical Cert Ocr

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real OCR wrapper, but it can upload very sensitive birth-certificate documents to a third-party API without enough consent, privacy, or routing safeguards.

Install only after confirming you trust Scnet to process birth certificate images and any extracted identity or medical details. Use it only with explicit user intent and a specific file path, avoid unrelated OCR tasks, do not upload documents you are not authorized to share, and protect the API key stored in config/.env.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill declares no permissions, yet its documented behavior clearly involves reading local files, invoking Python/shell commands, and transmitting document contents to an external OCR API. This mismatch weakens user awareness and policy enforcement, increasing the chance that sensitive local images are processed or exfiltrated without explicit consent boundaries.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The code tells users that environment variables are the recommended way to supply the API key, but the implementation only reads the key from a local config/.env file. This mismatch encourages users to place credentials on disk while giving a false impression that safer ephemeral environment-based configuration is supported, increasing the chance of accidental key exposure through filesystem access, backups, or repository inclusion.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README is a generic template and does not describe how the skill handles highly sensitive personal and medical data contained in birth certificates. For a skill whose explicit purpose is OCR and extraction of birth medical certificate information, the absence of privacy, retention, consent, and access-handling guidance creates a real security and compliance risk because users may process regulated data without understanding protections or limitations.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The description says the skill should be used for general OCR text extraction as well as birth medical certificates, which is broader than the specialized skill name suggests. Over-broad routing can cause the agent to invoke this skill on unrelated documents, leading to unnecessary external transmission of arbitrary user files to the vendor API.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The guidance says the AI will auto-trigger based on description keywords instead of strict, explicit conditions. In a skill that reads local files and sends images to an external OCR endpoint, ambiguous triggering increases the risk of unintended execution on sensitive personal documents.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This documentation describes uploading images containing birth medical certificate data to an external OCR service but does not warn that the files and extracted results may include highly sensitive personal and medical information. In this skill context, the omission is more dangerous because the example fields include names, addresses, ID numbers, birth details, and parent information for a newborn, which raises privacy, compliance, and consent risks when transmitted to a third party.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The manifest description says the skill should be used whenever a user needs OCR or birth medical certificate recognition, which is a broad activation scope without clear constraints. Overbroad triggers can cause the agent to invoke this skill in situations involving arbitrary images or sensitive identity documents, increasing unnecessary data exposure to the external OCR provider.

Natural-Language Policy Violations

Medium
Confidence
72% confidence
Finding
The description is written to operate in Chinese without indicating that language behavior should follow the user's preference. This can lead to mismatched outputs, reduced transparency, and incorrect handling when users expect another language, though it is primarily a quality and policy issue rather than a direct security exploit.

External Transmission

Medium
Category
Data Exfiltration
Content
# Sugon-Scnet OCR API documentation summary

## Endpoint
`POST https://api.scnet.cn/api/llm/v1/ocr/recognize`

## Request headers
- `Content-Type: multipart/form-data`
Confidence
87% confidence
Finding
https://api.scnet.cn/

VirusTotal

67/67 vendors flagged this skill as clean.
