WiseDiag MedOCR

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud OCR tool that uploads a user-selected file to WiseDiag and saves Markdown output locally, with privacy and dependency cautions but no evidence of hidden or malicious behavior.

Install only if you are comfortable sending chosen documents to WiseDiag's cloud service. Do not use it for confidential medical, financial, legal, credential, or minor-related documents unless WiseDiag's terms meet your requirements. Prefer a session-only API key export or secret manager over adding the key to ~/.zshrc or ~/.bashrc, and install with current patched dependencies or a locked environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill requires environment access for an API key, network access to upload user files to a third-party cloud service, and file-write access to save OCR output, but it does not declare permissions to make those capabilities explicit. This is dangerous because users and policy enforcement layers may not understand that installing or invoking the skill can transmit document contents off-device and write derived data locally, increasing privacy and governance risk.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation guidance, 'Use WiseOCR to OCR this,' is fairly generic and can overlap with normal user phrasing around document processing. This can cause accidental activation in contexts where a user did not fully appreciate that their file would be uploaded to a remote service, making the privacy impact of unintended invocation more significant.

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
# Temporary (current terminal session)
export WISEDIAG_API_KEY=your_api_key_here

# Permanent (add to ~/.zshrc or ~/.bashrc)
echo 'export WISEDIAG_API_KEY=your_api_key_here' >> ~/.zshrc
source ~/.zshrc
```
Confidence
85% confidence
Finding
add to ~/.zshrc

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
96% confidence
Finding
requests

Known Vulnerable Dependency: pypdf — 10 advisory(ies): CVE-2026-24688 (pypdf has possible Infinite Loop when processing outlines/bookmarks); CVE-2026-27628 (pypdf has a possible infinite loop when loading circular /Prev entries in cross-); CVE-2026-40260 (pypdf: Manipulated XMP metadata entity declarations can exhaust RAM) +7 more

Low
Category
Supply Chain
Confidence
92% confidence
Finding
pypdf

VirusTotal

66/66 vendors flagged this skill as clean.
