OCR - Local (No API Key)

Security checks across malware telemetry and agentic risk

Overview

This OCR skill appears to do what it says, with the main caveat that “local” processing still includes disclosed first-run language-data downloads.

Install only if you are comfortable with npm dependencies and a first-run download of Tesseract language data. For restricted or offline environments, preload or vendor the language data through a controlled process before use, and avoid OCRing sensitive images unless you are comfortable with the extracted text appearing in the agent session.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
93% confidence
Finding
The documentation claims the OCR skill is '100% local' while elsewhere stating that Tesseract language data is downloaded at runtime. This is a security-relevant misrepresentation because users may install or run the skill under the assumption that it performs no network access, which can affect trust, sandboxing, compliance, and air-gapped usage decisions.

Intent-Code Divergence

Medium
95% confidence
Finding
The feature list says the skill runs purely locally, but the first-run notes disclose downloading language data. This inconsistency can mislead users into granting the skill access in environments where unexpected outbound network activity is prohibited or risky, making it a genuine transparency and supply-chain exposure issue.

VirusTotal

64/64 vendors flagged this skill as clean.