Vision Recognition Ocr

Security checks across malware telemetry and agentic risk

Overview

This skill sends user-selected images to Baidu for OCR or image recognition, and the reviewed files match that stated purpose without hidden or destructive behavior.

Install only if you are comfortable sending selected images or document screenshots to Baidu for processing. Use a dedicated, least-privileged Baidu credential and avoid highly sensitive or regulated documents unless approved. The skill needs the Python requests library, outbound network access, read access to local image files, and Baidu credentials supplied through environment variables. The Critical tainted-flow finding below reflects that expected use: the access token is attached to the API URL as a query parameter, which is how Baidu's REST APIs are called, so treat the token as a secret that can end up in proxy and server logs, and scope the underlying API key accordingly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tainted flow: 'token' from os.getenv (line 100, credential/environment) → requests.post (network output)

Severity: Critical
Category: Data Flow
Confidence: 93%
Content:

    else:
        api_key, secret_key = pick_oauth_credentials()
        token = get_access_token(api_key, secret_key)
        resp = requests.post(f"{api_url}?access_token={token}", headers=headers, data=data, timeout=30)

    resp.raise_for_status()
    result = resp.json()

Finding: resp = requests.post(f"{api_url}?access_token={token}", headers=headers, data=data, timeout=30)
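The flagged call, wrapped in the two checks a reviewer would want around it, as an added example. This is not the skill's own code and not part of the SkillSpector report: the token flow itself is what the skill needs, so the hardening is (1) refuse to send the credential anywhere except an HTTPS URL on an allowlisted Baidu host and (2) scrub the token from URLs before they reach logs or exception messages. ALLOWED_HOSTS, OCR_URL, the function names and the offline fake session are assumptions.

```python
"""Added example, not code from the skill or from SkillSpector: the same
token-bearing request with an endpoint allowlist and token redaction around it.
ALLOWED_HOSTS, OCR_URL, the function names and the fake session are assumptions."""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed allowlist: the public Baidu AI Cloud API host. Extend for other deployments.
ALLOWED_HOSTS = frozenset({"aip.baidubce.com"})
_TOKEN_RE = re.compile(r"(access_token=)[^&#\s]+")


def redact_token(text: str) -> str:
    """Mask the access_token value wherever it appears in a URL or message."""
    return _TOKEN_RE.sub(r"\1<redacted>", text)


def endpoint_allowed(api_url: str) -> bool:
    """True only for https:// URLs on an allowlisted host with no userinfo component."""
    parts = urlsplit(api_url)
    return (
        parts.scheme == "https"
        and "@" not in parts.netloc
        and (parts.hostname or "") in ALLOWED_HOSTS
    )


def build_token_url(api_url: str, token: str) -> str:
    """Attach access_token as a query parameter (the Baidu API convention), after validation."""
    if not endpoint_allowed(api_url):
        raise ValueError(f"refusing to send credential to {redact_token(api_url)}")
    parts = urlsplit(api_url)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    query["access_token"] = token
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), parts.fragment))


def post_with_token(session, api_url, token, data, headers=None, timeout=30):
    """Same shape as the flagged call; any failure is re-raised with the token scrubbed."""
    url = build_token_url(api_url, token)
    try:
        resp = session.post(url, headers=headers, data=data, timeout=timeout)
        resp.raise_for_status()
        return resp.json()
    except Exception as exc:
        # requests.HTTPError messages embed the full URL, token included.
        raise RuntimeError(redact_token(str(exc))) from None


# --- Constructed stand-ins so the example runs offline (no real Baidu call) ---
class _FakeResponse:
    def __init__(self, url, status, body):
        self.url, self.status, self.body = url, status, body

    def raise_for_status(self):
        if self.status >= 400:  # mimics the message format requests uses
            raise RuntimeError(f"{self.status} Client Error for url: {self.url}")

    def json(self):
        return self.body


class _FakeSession:
    def __init__(self, status=200, body=None):
        self.status, self.body = status, body

    def post(self, url, headers=None, data=None, timeout=None):
        return _FakeResponse(url, self.status, self.body)


OCR_URL = "https://aip.baidubce.com/rest/2.0/ocr/v1/general_basic"  # assumed endpoint


def demo_failure_message(token="secret-token"):
    """Error text a failing call would log; the token must not appear in it."""
    try:
        post_with_token(_FakeSession(status=401), OCR_URL, token, data={"image": "..."})
    except RuntimeError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print(post_with_token(_FakeSession(body={"words_result": []}), OCR_URL, "t", data={}))
    print(demo_failure_message())
```

Pass a real `requests.Session()` as `session` in the skill; the fake is only there so the block runs without network. The allowlist is what turns the scanner's generic "credential reaches the network" finding into a bounded one: the token can only ever go to the host that issued it.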

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill documentation indicates capabilities to read local files, access environment variables for credentials, and make outbound network requests, but it does not declare permissions accordingly. This creates a transparency and consent gap: a user may provide a local image or invoke the skill without realizing it can access sensitive local content and transmit data to external services using stored credentials.
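What an "underdeclared capability" check actually does, as an added example that is neither SkillSpector's code nor the skill's: it walks a skill's Python source with the standard `ast` module, infers which capabilities the code exercises (environment reads, filesystem reads, outbound network) from the calls it makes, and diffs that set against what the skill declares. The call table, the sample skill source and the DECLARED set are constructed for illustration and mirror the three capabilities named in the finding.

```python
"""Added example, not SkillSpector's or the skill's code: infer capabilities from
a skill's Python source and report the ones its manifest does not declare.
EXACT_CALLS, PREFIX_CALLS, SAMPLE_SKILL and DECLARED are constructed assumptions."""
import ast

# Exact call names and module prefixes that imply a capability (a partial, assumed table).
EXACT_CALLS = {
    "os.getenv": "env",
    "os.environ.get": "env",
    "open": "filesystem",
    "io.open": "filesystem",
    "os.listdir": "filesystem",
}
PREFIX_CALLS = {
    "requests.": "network",
    "urllib.request.": "network",
    "socket.": "network",
    "shutil.": "filesystem",
}


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def capability_lines(source: str) -> dict:
    """Map each exercised capability to the sorted source lines where it is used."""
    found = {}
    for node in ast.walk(ast.parse(source)):
        cap = None
        if isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name is None:
                continue
            cap = EXACT_CALLS.get(name)
            if cap is None:
                for prefix, prefix_cap in PREFIX_CALLS.items():
                    if name.startswith(prefix):
                        cap = prefix_cap
                        break
        elif isinstance(node, ast.Subscript) and _dotted(node.value) == "os.environ":
            cap = "env"  # os.environ["KEY"] reads the environment without a call
        if cap is not None:
            found.setdefault(cap, set()).add(node.lineno)
    return {cap: sorted(lines) for cap, lines in found.items()}


def undeclared_capabilities(source: str, declared) -> set:
    """Capabilities the code uses that the skill's manifest does not declare."""
    return set(capability_lines(source)) - set(declared)


# Constructed skill source shaped like the flagged flow: env credentials,
# a local image read, and an outbound POST carrying the token.
SAMPLE_SKILL = '''\
import os
import requests

def pick_oauth_credentials():
    return os.getenv("BAIDU_API_KEY"), os.environ["BAIDU_SECRET_KEY"]

def build_image_payload(path):
    with open(path, "rb") as fh:
        return {"image": fh.read()}

def call_ocr(api_url, token, data):
    return requests.post(f"{api_url}?access_token={token}", data=data, timeout=30)
'''
DECLARED = {"network"}  # a manifest that declares outbound network access only


if __name__ == "__main__":
    print(capability_lines(SAMPLE_SKILL))
    print("undeclared:", sorted(undeclared_capabilities(SAMPLE_SKILL, DECLARED)))
```

The line numbers are what make the report actionable: a reviewer can jump to the exact `os.environ[...]` or `open(...)` and decide whether the manifest is wrong or the code is. Resolving aliased imports (`from os import getenv`) and calls on intermediate values (`Path(p).read_bytes()`) would need a name-resolution pass that this deliberately omits.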

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill describes OCR and image recognition workflows but does not clearly warn users that supplied images and extracted text may be transmitted to Baidu vision services. Because OCR inputs often contain screenshots, invoices, handwriting, or tables, this omission can lead to inadvertent disclosure of sensitive personal, financial, or business data to a third party.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: This skill handles screenshots, photos, invoices, and tables, which can contain personal, financial, or confidential business data, and the code transmits that content to Baidu without any in-code disclosure or consent mechanism. In this skill context, the behavior is expected functionally, but the privacy risk is elevated because users may not realize sensitive images are leaving the local environment for third-party processing.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: This function sends image-derived OCR data to an external Baidu OCR service via `call_ocr("accurate_basic", data)` without any disclosure, consent check, or data-classification guard visible in this file. Because the skill explicitly supports screenshots, invoices, and tables, users may submit sensitive personal, financial, or confidential business information that is then transmitted off-box to a third party unexpectedly.

Missing User Warnings

Severity: Low
Confidence: 83%
Finding: This function sends image-derived data to an OCR backend via `call_ocr("general_basic", data)` after accepting user-controlled input built by `build_image_payload`. In the context of OCR on screenshots, invoices, and photos, that data can contain sensitive personal or financial information, and this file provides no consent prompt, data minimization, or warning before transmission to a third-party service.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: This function sends user-supplied image data to an external image-classification service via `call_image_classify("plant", data)` without any visible notice, consent flow, or indication to the caller that images may leave the local environment. Because this skill explicitly supports local paths, URLs, and base64 screenshots/photos, users may unknowingly transmit sensitive image contents to a third party, creating a privacy and data-governance risk.
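The five Missing User Warnings findings above all describe the same gap: nothing sits between the user's file and `call_ocr(...)` / `call_image_classify(...)`. One pre-transmission guard that closes it, as an added example that is not the skill's code: an explicit opt-in (here an environment variable), a data-classification check on the file (path patterns the operator marks sensitive, plus a content sniff so a renamed PDF is not shipped as "a PNG"), a size cap, and an audit record of what left the machine. CONSENT_ENV, the globs, MAX_BYTES, the magic-byte table and the sample image bytes are assumptions.

```python
"""Added example, not the skill's code: a guard to run before any call that
sends image data to Baidu. CONSENT_ENV, SENSITIVE_GLOBS, MAX_BYTES, IMAGE_MAGIC
and PNG_SAMPLE are assumptions constructed for illustration."""
import fnmatch
import hashlib
import os
from dataclasses import dataclass
from typing import Optional

CONSENT_ENV = "VISION_OCR_SEND_CONSENT"                  # assumed opt-in switch
SENSITIVE_GLOBS = ("*payroll*", "*passport*", "*medical*", "*.secret.*")
MAX_BYTES = 4 * 1024 * 1024                              # assumed cap
IMAGE_MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg", b"BM": "bmp"}


@dataclass
class Decision:
    allowed: bool
    reason: str
    sha256: Optional[str] = None
    kind: Optional[str] = None


def sniff_image_kind(data: bytes) -> Optional[str]:
    """Classify by leading bytes, not by file extension."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def check_transmission(path: str, data: bytes, env=None) -> Decision:
    """Decide whether this file may leave the machine; never raises."""
    env = os.environ if env is None else env
    if env.get(CONSENT_ENV) != "1":
        return Decision(False, f"no consent: images are sent to Baidu; set {CONSENT_ENV}=1 to allow")
    name = os.path.basename(path).lower()
    for pattern in SENSITIVE_GLOBS:
        if fnmatch.fnmatch(name, pattern):
            return Decision(False, f"path matches sensitive pattern {pattern!r}")
    kind = sniff_image_kind(data)
    if kind is None:
        return Decision(False, "content is not a recognised image (png/jpeg/bmp)")
    if len(data) > MAX_BYTES:
        return Decision(False, f"{len(data)} bytes exceeds cap of {MAX_BYTES}")
    return Decision(True, "ok", hashlib.sha256(data).hexdigest(), kind)


def guarded_send(path, data, send, env=None, audit=None):
    """Run the checks, record the decision, and only then call the real sender."""
    decision = check_transmission(path, data, env)
    if audit is not None:
        audit.append({"file": os.path.basename(path), "allowed": decision.allowed,
                      "reason": decision.reason, "sha256": decision.sha256})
    if not decision.allowed:
        raise PermissionError(decision.reason)
    return send(data)


# Constructed sample: a PNG signature followed by filler bytes.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16


def demo_audit():
    """Constructed run with consent given: one blocked by path, one allowed."""
    audit = []
    env = {CONSENT_ENV: "1"}
    for name in ("payroll_2024.png", "receipt.png"):
        try:
            guarded_send(name, PNG_SAMPLE, lambda d: {"words_result": []}, env, audit)
        except PermissionError:
            pass
    return audit


if __name__ == "__main__":
    for entry in demo_audit():
        print(entry)
```

In the skill, `send` would be the existing `call_ocr` or `call_image_classify` closure and `audit` a local log; the hash in the audit record lets a user later answer "which file went out" without the guard having to keep a copy. The consent refusal message is the user-facing warning the findings ask for, surfaced at the moment the data would leave rather than buried in documentation.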

VirusTotal

66/66 vendors flagged this skill as clean.