Personal Id Ocr

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward OCR wrapper for Scnet that uploads a user-specified document for recognition, but users should be careful because those documents can contain highly sensitive identity data.

Install only if you are comfortable sending the selected images or PDFs, including ID cards and possibly financial documents, to Scnet for OCR. Protect SCNET_API_KEY, verify the Scnet endpoint and its privacy terms, avoid triggering the skill accidentally with broad, generic OCR prompts, and only provide file paths for documents you intentionally want uploaded.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch
Severity: Medium
Confidence: 90%
Finding: The skill is named and described as personal ID OCR, but the body claims broader support for bank cards and invoices. This mismatch weakens least-privilege expectations and can cause users or orchestrators to invoke the skill for broader document processing than intended, increasing the chance of unintended collection and transmission of sensitive financial or personal data.

Description-Behavior Mismatch
Severity: Medium
Confidence: 91%
Finding: The trigger examples invite use for invoices and generic text extraction even though the declared purpose is ID-card OCR. Overbroad invocation language can cause accidental activation on unrelated documents, potentially sending sensitive local files to a third-party service without the user realizing this specific skill handles more than identity cards.

Vague Triggers
Severity: Medium
Confidence: 88%
Finding: The AI-trigger guidance is broad enough that ordinary OCR-style requests could auto-activate this skill. In an agent setting, ambiguous activation can lead to processing and remote upload of local documents without a clear, document-specific user consent step, which is risky for identity and financial records.

Missing User Warnings
Severity: High
Confidence: 97%
Finding: The skill processes highly sensitive identity documents yet does not clearly disclose that local images and extracted PII will be transmitted to a remote third-party OCR service. Missing privacy notice and consent are especially dangerous here because ID cards contain full legal identity information that can enable identity theft, fraud, or regulatory noncompliance if mishandled.

Missing User Warnings
Severity: Medium
Confidence: 93%
Finding: The documentation instructs users to upload highly sensitive identity documents, including full ID card images and extracted personal identifiers, to a remote third-party OCR API without any privacy warning, retention policy, or transmission/processing safeguards. In this skill context, the data includes government ID numbers, addresses, birth dates, and issuing authority details, so missing privacy and handling guidance materially increases the risk of unintended disclosure, compliance violations, and unsafe deployment.

Missing User Warnings
Severity: Medium
Confidence: 92%
Finding: The script uploads a local image of a government ID to a third-party OCR API, but there is no explicit just-in-time consent or warning at the moment of transmission. Because ID card images contain highly sensitive PII, silent exfiltration to a remote service creates a real privacy and compliance risk if users do not clearly understand that data leaves the local environment.

External Transmission
Severity: Medium
Category: Data Exfiltration
Content (excerpt from the skill's script):
)
        sys.exit(error_msg)

    config.setdefault('SCNET_API_BASE', 'https://api.scnet.cn/api/llm/v1')
    return config

def recognize_with_retry(ocr_type, file_path, config, retry_count=0):
Confidence: 95%
Finding: https://api.scnet.cn/

VirusTotal

63/63 vendors flagged this skill as clean.
