Social Security Card Ocr

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the advertised OCR task, but it uploads highly sensitive social security card images and extracted identity/financial data to a remote OCR service without a clear consent or privacy-handling step.

Install only if you trust Scnet and have authority to send social security card images to its OCR API. Before use, verify SCNET_API_BASE, keep the API key out of chat, get explicit user consent for remote processing, and avoid using it where privacy, retention, or compliance requirements have not been reviewed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 87%
Finding
The manifest describes the skill broadly as image text extraction and OCR, while the body says it only supports social security card recognition. This mismatch can cause the agent to invoke the skill in unintended contexts, increasing the chance that unrelated or sensitive user images are sent to the external OCR service without appropriate expectation or consent.

Intent-Code Divergence

Low
Confidence: 80%
Finding
Although the documentation claims a single recognition capability, the tags and example path reference broader document OCR such as invoices. That inconsistency can broaden activation and user expectations, leading to accidental submission of documents beyond the intended social security card scope.

Vague Triggers

Medium
Confidence: 91%
Finding
The skill says it may auto-trigger from broad conversational keywords about recognizing a social security card image, but it does not define exclusion conditions or a confirmation step. In a sensitive-ID context, broad triggering is risky because it can cause unintended processing and external transmission of highly sensitive personal data.

Missing User Warnings

High
Confidence: 98%
Finding
This skill handles social security card images, which contain highly sensitive personal and identity data, yet the documentation does not clearly warn users that the image and extracted information will be transmitted to an external OCR service. Missing that warning undermines informed consent and materially increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation instructs uploading image/PDF/archive files containing highly sensitive personal data, including social security numbers, bank card numbers, birth dates, and identity details, to an external OCR API using a bearer token, but provides no warning, consent flow, minimization guidance, or data-handling safeguards. In this skill context, the risk is elevated because the stated purpose is specifically OCR of social security cards, making transmission of regulated personal data to a third-party service central to operation rather than incidental.

External Transmission

Medium
Category
Data Exfiltration
Content
# Sugon-Scnet OCR API documentation summary

## Endpoint
`POST https://api.scnet.cn/api/llm/v1/ocr/recognize`

## Request headers
- `Content-Type: multipart/form-data`
Confidence: 90%
Finding
https://api.scnet.cn/

VirusTotal

67/67 vendors flagged this skill as clean.
