paddleocr-vl-locally

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed PaddleOCR document-parsing helper, but users should understand that documents are sent to the configured OCR endpoint and that raw results may be saved locally.

Install this only if you intend to process documents through the configured PaddleOCR/Triton endpoint. Use a trusted local or internal endpoint for sensitive documents, avoid passing untrusted URLs to the backend, use --stdout or a controlled --output path when you do not want temp-file persistence, and delete saved JSON results when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill invokes Python scripts, reads local files, writes results to disk, accesses environment variables, and sends data over the network, yet it declares no explicit permissions. This creates a trust and transparency gap: users or hosting platforms may authorize the skill without understanding that it can exfiltrate document contents to a remote endpoint and persist raw outputs locally.

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding: The skill is marketed as local document parsing, but its implementation sends document contents to a configurable HTTP endpoint and also allows passing arbitrary remote file URLs to that backend. This creates a real data-flow and trust-boundary issue: users may believe files stay on-host while sensitive documents are transmitted over the network or fetched by a remote service, which can lead to unintended disclosure and SSRF-like behavior at the inference service.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The documentation instructs the agent to send user-supplied documents to a configured document-parsing API, but it does not clearly warn that sensitive document contents will leave the local environment and be processed by an external or separately hosted service. Because the skill targets complex PDFs and images that may contain financial, legal, scientific, or personal data, this omission can lead to unintended disclosure of highly sensitive information.

VirusTotal

66/66 vendors flagged this skill as clean.
