Education Filing Form Ocr

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward OCR integration, but users should understand that it sends education-document images or PDFs to SCNet for processing.

Install only if you are comfortable sending the selected education documents to SCNet's OCR API. Avoid uploading documents unless you have permission to process them, and verify SCNet's privacy, retention, residency, and contractual terms before using it for regulated or high-sensitivity records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation describes uploading highly sensitive identity and education documents to a third-party OCR endpoint and returning extracted personal data such as name, ID number, birth date, address, and stamps, but provides no privacy warning, consent requirement, data handling constraints, or retention guidance. In this skill context, the omission is more dangerous because the target documents are inherently privacy-sensitive and may contain regulated personal information, increasing the risk of unauthorized disclosure, compliance violations, and unsafe downstream use.

External Transmission

Medium
Category
Data Exfiltration
Content
# Sugon-Scnet OCR API Documentation Summary

## Endpoint
`POST https://api.scnet.cn/api/llm/v1/ocr/recognize`

## Request Headers
- `Content-Type: multipart/form-data`
Confidence: 84%
Finding
https://api.scnet.cn/

VirusTotal

65/65 vendors flagged this skill as clean.
