Vehicle License Ocr

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward vehicle-license OCR wrapper, but users should understand that document images are sent to Scnet for processing.

Install only if you are comfortable sending vehicle-license images and extracted personal/vehicle details to Scnet's OCR API. Avoid using it on documents you do not have permission to process, keep the API key out of chats and shared logs, and review Scnet's privacy/data-retention terms before uploading sensitive documents.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium, 84% confidence
Finding
The activation guidance is broad enough that an AI agent may trigger this skill on loosely related user requests involving images and document recognition, without clearly signaling that local files will be read and uploaded to an external service. Because the skill handles highly sensitive identity/vehicle registration documents, vague triggering materially increases the risk of unintended collection and external transmission of personal data.

Missing User Warnings

Medium, 86% confidence
Finding
The documentation instructs users to upload potentially sensitive identity and vehicle-license images together with authorization credentials to a third-party OCR endpoint, but it provides no privacy notice, data-handling caveats, retention guidance, or minimization advice. In this skill context, the risk is heightened because the described inputs and outputs include highly sensitive personal data such as names, addresses, ID numbers, vehicle identifiers, and document images.

VirusTotal

62/62 vendors flagged this skill as clean.
