Back to skill

Security audit

Tesseract Receipt Tracker

Security checks across malware telemetry and agentic risk

Overview

This receipt OCR skill appears purpose-aligned, but it tells the agent to run privileged system package installs without enough user consent or setup separation.

Review before installing. Use it only if you are comfortable with the agent installing system packages, or manually install Tesseract yourself and prevent the skill from running privileged setup commands during normal receipt OCR use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The workflow instructs running privileged system package installation via sudo apt, which expands the skill's effects from document processing into host modification. Even if intended to install Tesseract, privileged package operations can alter system state, introduce supply-chain risk, and violate least-privilege expectations for a receipt OCR skill.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill omits clear warnings that it may install packages, use privileged commands, and write output files, which undermines informed user consent for impactful operations. In context, this is more dangerous because the skill appears to be a benign OCR utility, so users may not expect host changes or file creation beyond simple parsing.

Chaining Abuse

High
Category
Tool Misuse
Content
```
   exec pip install tesseract
   ```
   Tesseract: `exec sudo apt update && sudo apt install tesseract-ocr`

3. **Extract Text**:
   ```
Confidence
97% confidence
Finding
&& sudo

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.