Fixed Amount Invoice Ocr
Security checks across malware telemetry and agentic risk
Overview
This skill appears to be a straightforward invoice OCR helper that uploads a user-specified file to Scnet’s OCR API, with some documentation and metadata inconsistencies to review.
Install only if you are comfortable sending invoice files to Scnet’s OCR service. Use an environment variable or a permission-restricted config/.env file for SCNET_API_KEY, avoid pasting the key into chat, and verify the publisher/source because the README and homepage metadata are not polished.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
67/67 vendors flagged this skill as clean.