Train Ticket Ocr

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent train-ticket OCR wrapper, but users should know ticket files are sent to Scnet for processing.

Install only if you trust Scnet with the specific train-ticket images or PDFs you choose to process. Use a dedicated revocable SCNET_API_KEY, keep config/.env permission-restricted, verify the endpoint, and avoid processing tickets containing personal or business data unless third-party OCR processing is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 85%
Finding
The AI-triggering guidance is overly broad and could cause the skill to activate on generic requests about invoices or images without clearly signaling that a local file will be read and uploaded to a third-party OCR service. In this skill's context, that is more dangerous because train tickets can contain identity numbers, travel details, and other sensitive personal data.

Missing User Warnings

High
Confidence: 97%
Finding
The skill processes train tickets and explicitly mentions extracting 身份证号 (ID card number) and other sensitive fields, yet the documentation does not clearly disclose that the local image and its contents will be sent to a third-party OCR provider. This is a genuine privacy and data-handling vulnerability because users may unknowingly expose personal and travel data to an external service.

VirusTotal

67/67 vendors flagged this skill as clean.
