opencr-skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward OpenOCR helper for extracting text and document structure from user-provided images and PDFs, with normal privacy cautions around saved OCR outputs and model downloads.

Install only if you are comfortable using OpenOCR and its model/package sources. Avoid processing confidential documents unless your agent environment and output folders are appropriate, because extracted text may be written to local Markdown, JSON, text, or visualization files. Use local model paths or disable auto-download where controlled or offline operation is required, and avoid Gradio share mode unless you intend to expose a demo link.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
This is a real security/privacy issue: the skill processes user-supplied images and PDFs that may contain sensitive information, and multiple examples explicitly save extracted text, JSON, Markdown, and visualizations to disk without a clear warning. In an agent context, users may not realize that OCR outputs can persist locally and expose confidential document contents beyond the immediate session.

Missing User Warnings

Low
Confidence: 91%
Finding
This is a valid finding because the documented configuration enables automatic model downloads when paths are unset, which causes network access during execution without prominently warning the user. In restricted or privacy-sensitive environments, unexpected outbound connections can violate policy, leak usage metadata, or fail in confusing ways.

VirusTotal

66/66 vendors flagged this skill as clean.
