Back to skill

Security audit

GT Simon Deepseek Ocr

Security checks across malware telemetry and agentic risk

Overview

This OCR skill is not clearly malicious, but its runtime, command packaging, and network OCR behavior do not line up cleanly enough for routine installation.

Review before installing. Only use this skill if you understand which entry point will actually run and trust the OCR endpoint, especially when DEEPSEEK_OCR_HOST or DEEPSEEK_OCR_PORT are set. The maintainer should align the runtime, command name, script path, and documentation before this is treated as a routine OCR skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Natural-Language Policy Violations

Low
Confidence
90% confidence
Finding
This code contains natural-language comments in Chinese (for example at L09 and L34-L35), which reflects a fixed language choice without any indication that users or maintainers can opt into a preferred language. The policy for this audit flags forced language or locale choices when no choice or justification is provided.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The manifest description is only "OCR skill," which does not specify trigger scope, intended use cases, or boundaries for activation. In a manifest file, this lack of specificity can contribute to ambiguous invocation behavior because it does not distinguish appropriate OCR requests from broader image or text-related tasks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
Scripts/index.js:37