Scnet Ocr

Security checks across malware telemetry and agentic risk

Overview

This cloud OCR skill behaves consistently with its purpose by sending user-selected documents to Scnet for OCR, but sensitive documents should only be processed with clear user intent.

Install only if you are comfortable sending the selected documents to Scnet's OCR service. Avoid using it on IDs, bank cards, payment records, birth records, or medical invoices unless you have permission and understand the provider's retention and privacy terms. Prefer supplying the API key through a protected environment variable or a config/.env file restricted with chmod 600, and confirm the exact file path before running OCR.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly requires reading local files, using an API key from the environment, making outbound network requests, and invoking a Python script, but it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users and orchestrators may authorize the skill without realizing it can access sensitive local documents and transmit them externally.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The auto-trigger guidance is broad enough that the agent may invoke the skill whenever a user mentions OCR or documents, without a clear confirmation boundary. In this context, that can cause unintended processing of highly sensitive identity, financial, and medical documents and automatic transmission to a third-party OCR provider.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill handles highly sensitive local files including IDs, bank cards, invoices, and medical documents, yet the markdown does not clearly warn users that the image contents and extracted data will be sent to an external OCR service. This lack of informed consent materially increases privacy and compliance risk because users may assume processing is local.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This template documents extraction of a very broad set of highly sensitive personal and financial fields, including ID numbers, bank accounts, passports, payment credentials, and medical/birth records, but provides no handling guidance, minimization rules, masking expectations, or warning about sensitive-data processing. In an OCR skill specifically designed to process such documents, this increases the likelihood that downstream agents or integrators will collect, expose, log, or over-retain regulated data without adequate safeguards.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation instructs clients to upload images, PDFs, and compressed archives containing OCR targets to a third-party endpoint, but it does not warn users that potentially sensitive files and extracted text will be transmitted off-platform. In this skill’s context, the supported documents include IDs, bank cards, household records, invoices, and payment documents, so omission of a clear disclosure materially increases privacy, compliance, and data-handling risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code uploads the user-supplied file to a third-party OCR API, and this skill is explicitly designed to process highly sensitive documents such as ID cards, bank cards, passports, invoices, and medical records. Without an explicit user-facing consent/privacy warning in the execution path, users may unknowingly transmit regulated personal or financial data off-host.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description is extremely broad and covers many OCR/document types without clear activation boundaries, increasing the chance the agent invokes it for loosely related requests or on highly sensitive identity and financial documents by default. In this context, overbroad triggering is risky because the skill processes large categories of PII and financial records, which can lead to unnecessary data exposure to an external service.

External Transmission

Medium
Category
Data Exfiltration
Content
```
SCNET_API_KEY=your_scnet_api_key_here

# API base URL (normally no need to change)
SCNET_API_BASE=https://api.scnet.cn/api/llm/v1
```
2. Add: `SCNET_API_KEY=你的密钥`
3. Set the file permissions to 600 (owner read/write only)
Confidence
95% confidence
Finding
https://api.scnet.cn/

External Transmission

Medium
Category
Data Exfiltration
Content
| Variable | Default | Description |
|--------|--------|------|
| SCNET_API_KEY | required | Scnet API key |
| SCNET_API_BASE | https://api.scnet.cn/api/llm/v1 | API base URL (normally no need to change) |

### Output
Confidence
93% confidence
Finding
https://api.scnet.cn/

External Transmission

Medium
Category
Data Exfiltration
Content
# Sugon-Scnet OCR API documentation summary

## Endpoint
`POST https://api.scnet.cn/api/llm/v1/ocr/recognize`

## Request headers
- `Content-Type: multipart/form-data`
Confidence
84% confidence
Finding
https://api.scnet.cn/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal