Back to skill

Security audit

Expense Voucher Ocr

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate OCR wrapper, but it uploads sensitive financial documents to a third-party API without a clear, prominent privacy warning or confirmation step.

Install only if you are comfortable sending selected invoices, vouchers, tickets, PDFs, or similar financial documents to Scnet for OCR. Avoid using it on confidential, regulated, medical, tax, bank, or customer data unless your organization has approved that service and its retention/privacy terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill documentation describes capabilities that read local files, invoke Python/shell commands, and send data over the network, but it does not declare corresponding permissions or trust boundaries. This weakens review and user consent because an agent may access local documents and transmit them externally without an explicit permission model.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The auto-trigger guidance says the AI will trigger the skill based on broad description keywords, but it does not define clear activation limits or require explicit user consent. This can cause unintended execution on loosely related prompts, resulting in accidental file processing and external transmission of sensitive receipts or invoices.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill accepts a local file path and uses an external OCR API, but the documentation does not prominently warn that the selected local file will be transmitted to a third-party service. Because financial receipts and invoices often contain personal, tax, travel, and payment data, users may unknowingly exfiltrate sensitive information off-device.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation instructs users to upload financial documents and send an API bearer token to a third-party OCR endpoint, but it provides no warning about transmitting sensitive invoice data, handling personal/company financial information, or data retention/privacy implications. In this skill context, the uploaded files are explicitly expense vouchers and invoices, which commonly contain PII, tax identifiers, bank details, and transaction records, making the omission materially risky.

External Transmission

Medium
Category
Data Exfiltration
Content
| 变量名 | 默认值 | 说明 |
|--------|--------|------|
| SCNET_API_KEY | 必需 | Scnet API 密钥 |
| SCNET_API_BASE | https://api.scnet.cn/api/llm/v1 | API 基础地址(一般无需修改) |

### 输出
Confidence
89% confidence
Finding
https://api.scnet.cn/

External Transmission

Medium
Category
Data Exfiltration
Content
# Sugon-Scnet OCR API 文档摘要

## 接口地址
`POST https://api.scnet.cn/api/llm/v1/ocr/recognize`

## 请求头
- `Content-Type: multipart/form-data`
Confidence
81% confidence
Finding
https://api.scnet.cn/

External Transmission

Medium
Category
Data Exfiltration
Content
)
        sys.exit(error_msg)

    config.setdefault('SCNET_API_BASE', 'https://api.scnet.cn/api/llm/v1')
    return config

def recognize_with_retry(ocr_type, file_path, config, retry_count=0):
Confidence
90% confidence
Finding
https://api.scnet.cn/

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.