Household Book Ocr

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: it uploads a user-chosen household-register document to Scnet's OCR API and returns extracted fields, but users should treat that data as highly sensitive.

Install only if you are comfortable sending household-register images, PDFs, or extracted text to Scnet for processing. Avoid uploading unnecessary pages, review the provider's privacy and retention terms, and keep SCNET_API_KEY in a protected config file rather than pasting it into chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation indicates capabilities to read local files, invoke Python from the shell, and send image contents to an external OCR API, but it declares no permissions. This is dangerous because users and orchestrators may not realize that sensitive local identity documents will be accessed and transmitted off-host, reducing informed consent and weakening policy enforcement.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation describes uploading images, PDFs, and ZIP archives containing household registration documents to a third-party OCR API, and the example response includes highly sensitive personal data such as name, address-related fields, religion, and ID number. In the context of a household-register OCR skill, this creates a real privacy and compliance risk because users may transmit government ID documents and other special-category personal data without any explicit warning, consent flow, minimization guidance, or retention/deletion disclosure.

External Transmission

Medium
Category
Data Exfiltration
Content
```
SCNET_API_KEY=your_scnet_api_key_here

# API base URL (usually no need to change)
SCNET_API_BASE=https://api.scnet.cn/api/llm/v1
```
2. Add: `SCNET_API_KEY=你的密钥`
3. Set the file permissions to 600 (readable and writable by the owner only)
Confidence
93% confidence
Finding
https://api.scnet.cn/

External Transmission

Medium
Category
Data Exfiltration
Content
| Variable | Default | Description |
|--------|--------|------|
| SCNET_API_KEY | Required | Scnet API key |
| SCNET_API_BASE | https://api.scnet.cn/api/llm/v1 | API base URL (usually no need to change) |

### Output
Confidence
90% confidence
Finding
https://api.scnet.cn/

External Transmission

Medium
Category
Data Exfiltration
Content
# Sugon-Scnet OCR API Documentation Summary

## Endpoint
`POST https://api.scnet.cn/api/llm/v1/ocr/recognize`

## Request headers
- `Content-Type: multipart/form-data`
Confidence
90% confidence
Finding
https://api.scnet.cn/

VirusTotal

65/65 vendors flagged this skill as clean.
