Financial Bill Ocr

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it sends a user-selected financial document to Scnet's OCR API and returns structured results, but users should treat those uploads as sensitive.

Install only if you are comfortable sending selected financial documents to Scnet's remote OCR service. Use a dedicated API key stored in config/.env, avoid pasting keys into chat, confirm each sensitive upload, and do not use it for regulated or confidential records unless Scnet's data handling terms meet your requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill clearly performs local file access, network transmission to a third-party OCR API, and shell execution via a Python command, yet it does not declare permissions. This creates a transparency and consent gap: an agent or user may invoke the skill without realizing it can read local financial documents and transmit them externally.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation guidance says the AI may auto-trigger based on broad description keywords for identifying financial documents from a local path. Because the skill reads local files and sends them to an external OCR provider, vague trigger boundaries increase the chance of unintended invocation and accidental disclosure of sensitive financial data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The markdown explains configuration and usage but does not clearly warn that local financial document images will be uploaded to an external OCR API for processing. Since the skill handles highly sensitive banking and payment records, lack of a prominent transmission warning can lead to uninformed consent and privacy or compliance violations.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation describes uploading financial documents and returning structured OCR results that can include highly sensitive personal and financial data, but it provides no privacy notice, data handling guidance, retention limits, or user-consent requirements. In the context of a financial bill OCR skill, this omission is more dangerous because users are likely to submit regulated or confidential documents and may not realize they are being transmitted to a third-party external service.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script uploads the user-supplied document file to a third-party OCR endpoint, but the normal execution path provides no runtime notice or consent prompt that the file contents will leave the local environment. Because this skill handles financial bills and receipts, the transmitted data is likely sensitive and may include account, payment, or personally identifiable information.

External Transmission

Medium
Category
Data Exfiltration
Content
SCNET_API_KEY=your_scnet_api_key_here

# API base URL (usually no need to change)
SCNET_API_BASE=https://api.scnet.cn/api/llm/v1
```
2. Add: `SCNET_API_KEY=your key`
3. Set the file permissions to 600 (readable and writable by the owner only)
Confidence
90% confidence
Finding
https://api.scnet.cn/

External Transmission

Medium
Category
Data Exfiltration
Content
| Variable | Default | Description |
|--------|--------|------|
| SCNET_API_KEY | Required | Scnet API key |
| SCNET_API_BASE | https://api.scnet.cn/api/llm/v1 | API base URL (usually no need to change) |

### Output
Confidence
89% confidence
Finding
https://api.scnet.cn/

External Transmission

Medium
Category
Data Exfiltration
Content
# Sugon-Scnet OCR API Documentation Summary

## Endpoint
`POST https://api.scnet.cn/api/llm/v1/ocr/recognize`

## Request Headers
- `Content-Type: multipart/form-data`
Confidence
86% confidence
Finding
https://api.scnet.cn/

VirusTotal

65/65 vendors flagged this skill as clean.
