Screenshot Ocr

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local screenshot OCR helper, with normal privacy cautions because it can read clipboard images and copy or save recognized text.

Install only if you are comfortable running a local Python OCR script and installing Tesseract/pytesseract/Pillow from trusted sources. Avoid using it on screenshots containing passwords, private messages, payment details, or verification codes unless you intend that text to appear in the terminal, clipboard, or a saved file; delete sensitive saved outputs when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    try:
        # Try using pbpaste (macOS)
        subprocess.run(["pbpaste", ">", "/tmp/clipboard.png"], shell=True, capture_output=True)
        if os.path.exists("/tmp/clipboard.png"):
            return "/tmp/clipboard.png"
    except:
Confidence
96% confidence
Finding
subprocess.run(["pbpaste", ">", "/tmp/clipboard.png"], shell=True, capture_output=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill invokes shell commands and advertises file-writing behavior, but it does not declare corresponding permissions or safety boundaries. This creates a trust gap where an agent or user may not realize the skill can write files or execute local commands, increasing the chance of unintended modification of the host environment.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrase "OCR" is so broad that it can match many unrelated requests, causing this skill to activate outside its intended screenshot-specific context. Over-broad routing can expose clipboard, image, file-save, or shell-backed behavior when the user did not specifically request this skill.

Vague Triggers

Medium
Confidence
75% confidence
Finding
The trigger "屏幕识别" is ambiguous and could be interpreted as general screen analysis rather than static OCR of a user-provided screenshot. In context, that ambiguity is more dangerous because the skill handles potentially sensitive on-screen content and may copy or save extracted text.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly supports copying recognized text to the clipboard and saving it to a TXT file, but it provides no warning about handling sensitive data, clipboard exposure, or accidental overwrite of existing files. OCR commonly captures secrets, personal data, or one-time codes from screenshots, so silent persistence or clipboard placement can leak information beyond the user's intent.

VirusTotal

65/65 vendors flagged this skill as clean.
