Business License Ocr

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate cloud OCR skill, but its instructions are broader than its business-license purpose and could send sensitive documents to an external OCR API.

Install only if you intend to send selected documents to Scnet for OCR. Before use, confirm the file path, document type, and endpoint, and avoid routing IDs, invoices, or other sensitive documents through this skill unless that broader processing is intentional and acceptable under your privacy requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 86%
Finding
The changelog states the skill supports 10 OCR document types, while the manifest describes it as specifically for Chinese mainland business licenses. This capability mismatch can mislead users and reviewers about the actual data the skill can process, expanding the effective attack surface to additional sensitive document classes such as IDs, bank cards, and invoices.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The manifest says the skill is for business-license OCR, but the documentation advertises broader OCR for IDs, invoices, and generic text. This scope expansion can cause the agent to invoke the skill on more sensitive documents than users expect, increasing privacy and compliance risk when those files are sent to a third-party service.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The examples and tags contradict the declared single OCR type by suggesting use for identity documents, invoices, and generic text. In practice, this can broaden automatic triggering and lead to unintended handling of personal or regulated data outside the skill's stated purpose.

Vague Triggers

Medium
Confidence: 88%
Finding
The AI trigger guidance is overly broad, encouraging automatic invocation for many OCR-like requests that do not match the documented capability. Over-broad triggering is dangerous because it can silently route unrelated sensitive files to an external OCR API without sufficiently specific user intent.

VirusTotal

65/65 vendors flagged this skill as clean.