General Print Invoice Ocr

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed remote invoice OCR skill; the main risk is that invoice files are intentionally uploaded to Scnet’s external API for processing.

Install only if you are allowed to send the target invoices to Scnet’s external OCR service. Keep SCNET_API_KEY in an environment variable or in a config/.env file restricted with chmod 600, do not paste it into chat, and review Scnet’s data handling terms before processing confidential invoices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation indicates it will read local files, consume environment variables, invoke Python from the shell, and send data to a remote API, but it does not declare any permissions. This creates a transparency and governance gap: users and orchestrators cannot accurately evaluate the skill’s access to sensitive files, credentials, or network egress before use.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation instructs users to upload potentially sensitive invoice images/files and send an API bearer token to a third-party OCR endpoint, but it provides no warning about external data transmission, privacy, retention, or consent requirements. In the context of invoice OCR, the uploaded content commonly contains personal, financial, tax, and business-identifying information, so omission of disclosure and handling guidance creates a real privacy and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script uploads the user-supplied invoice file to a third-party remote OCR API, but there is no explicit user-facing notice or consent step at the point of transmission. Because invoices commonly contain sensitive personal and financial data, silent transmission to an external service creates a real privacy and data-governance risk even if the code is otherwise functioning as intended.

External Transmission

Medium
Category
Data Exfiltration
Content
SCNET_API_KEY=your_scnet_api_key_here

# API base URL (usually does not need to be changed)
SCNET_API_BASE=https://api.scnet.cn/api/llm/v1
```
2. Add: `SCNET_API_KEY=你的密钥`
3. Set the file permissions to 600 (readable and writable by the owner only)
Confidence
85% confidence
Finding
https://api.scnet.cn/

External Transmission

Medium
Category
Data Exfiltration
Content
| Variable | Default | Description |
|--------|--------|------|
| SCNET_API_KEY | Required | Scnet API key |
| SCNET_API_BASE | https://api.scnet.cn/api/llm/v1 | API base URL (usually does not need to be changed) |

### Output
Confidence
84% confidence
Finding
https://api.scnet.cn/

External Transmission

Medium
Category
Data Exfiltration
Content
config['SCNET_API_BASE'] = env_api_base

    # 3. Set default values
    config.setdefault('SCNET_API_BASE', 'https://api.scnet.cn/api/llm/v1')

    # 4. Check required configuration
    api_key = config.get('SCNET_API_KEY', '')
Confidence
85% confidence
Finding
https://api.scnet.cn/

VirusTotal

67/67 vendors flagged this skill as clean.
