china-doc-ocr

Security checks across malware telemetry and agentic risk

Overview

This OCR skill is coherent and not malicious, but it sends selected documents to SiliconFlow and may retain OCR output in the workspace.

Install only if you are comfortable sending selected documents to SiliconFlow for OCR. Avoid highly confidential documents unless your policies allow this provider, use a limited API key, monitor quota or billing, and delete saved OCR results or temporary files containing private information after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill states that OCR results are saved to the workspace and retained, but it does not prominently warn users that extracted text from sensitive documents may persist after processing. For OCR of IDs, invoices, contracts, and licenses, persistent storage can expose personal, financial, or corporate data to later access, syncing, backups, or unintended reuse.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill sends user-provided images and PDFs to third-party OCR services, but it does not clearly warn users at the start that potentially sensitive files leave the local environment. Because the documented use cases include identity cards, invoices, receipts, and business documents, silent off-box transmission materially increases privacy, confidentiality, and compliance risk.

Missing User Warnings

Medium
Confidence: 92%
Finding
The prompt templates explicitly support OCR extraction of highly sensitive personal and financial documents such as ID cards, invoices, business licenses, bank statements, and contracts, but provide no privacy warning, consent check, minimization guidance, or handling restrictions. In an OCR skill, this increases the chance that users or downstream agents process regulated data unsafely, expose unnecessary fields, or mishandle secrets and personally identifiable information.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script uploads document contents, images, or PDFs to a third-party OCR API, but it provides no explicit warning, consent flow, or data-handling notice to the user at the point of transmission. Because this skill is specifically meant for invoices, receipts, ID cards, and other sensitive documents, users may unknowingly send highly sensitive personal or financial data off-box to an external service.

VirusTotal

No VirusTotal findings