Personal Card Ocr

Security checks across malware telemetry and agentic risk

Overview

This OCR skill appears purpose-built, but it uploads highly sensitive ID, financial, and civil-document images to an external OCR service without enough user-facing privacy and consent boundaries.

Review before installing. Use this only when you are allowed to send the document image to Scnet, and avoid processing passports, IDs, bank cards, birth certificates, or similar records unless you understand the service's privacy, retention, and compliance terms. Prefer explicit user confirmation before each upload and avoid broad automatic use for generic OCR.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The auto-trigger guidance is broad enough to match generic OCR requests, which can cause the skill to activate on ordinary image-processing tasks without clearly signaling that identity documents may be sent to a third-party OCR service. Because the skill handles sensitive personal records, accidental invocation materially increases privacy and data-transfer risk.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill explicitly supports OCR of highly sensitive identity and civil documents, yet the documentation does not meaningfully warn users about privacy, retention, consent, jurisdiction, or third-party handling of uploaded document images. This is dangerous because users may unknowingly transmit passports, ID cards, birth certificates, and similar records containing PII to an external service without informed consent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This template documents extraction of a broad set of highly sensitive personal data, including national IDs, bank cards, household records, passports, birth certificates, and education credentials, but provides no privacy notice, consent boundary, minimization guidance, retention rules, or handling restrictions. In the context of an OCR skill explicitly designed to process identity and financial documents, this omission increases the risk of over-collection, accidental disclosure, and misuse of regulated personal data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs sending highly sensitive identity documents and personal records to a third-party OCR endpoint using bearer-token authenticated upload, but provides no privacy warning, consent requirement, data minimization guidance, retention notice, or handling restrictions. In the context of this skill, the uploaded content includes IDs, bank cards, passports, household records, and other regulated personal data, so omission of safety and privacy controls materially increases the risk of unauthorized disclosure, compliance violations, and user harm.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The description is extremely broad and covers generic OCR plus many categories of highly sensitive identity and financial documents. This can cause the skill to activate for common image-text requests without clear boundaries, increasing the chance of collecting or processing unnecessary personal data such as ID numbers, bank card details, and passport information.

External Transmission

Medium
Category
Data Exfiltration
Content
# Sugon-Scnet OCR API Documentation Summary

## Endpoint URL
`POST https://api.scnet.cn/api/llm/v1/ocr/recognize`

## Request Headers
- `Content-Type: multipart/form-data`
Confidence
89% confidence
Finding
https://api.scnet.cn/

VirusTotal

64/64 vendors flagged this skill as clean.
