WiseOCR

Security checks across malware telemetry and agentic risk

Overview

WiseOCR is a disclosed cloud OCR tool. Its main risk is that the documents a user selects are sent to WiseDiag for processing; the scan found no hidden or unrelated behavior.

Install only if you are comfortable sending selected documents to WiseDiag's cloud service. Avoid confidential, regulated, identity, financial, credential, or minor-related documents unless WiseDiag's terms are acceptable. Prefer a temporary environment variable or secret manager for WISEDIAG_API_KEY, and use a fresh virtual environment with current dependency versions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Rogue Agent: Self-Modification, Session Persistence
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (6)

Tainted flow: 'multipart' from open (line 116, file read) → requests.post (network output)

High
Category
Data Flow
Content
fh = open(file_path, "rb")
multipart = [("file", (file_path.name, fh, _mime(file_path.name)))]

resp = requests.post(
    endpoint,
    files=multipart,
    params=params,
Confidence
94% confidence
Finding
resp = requests.post( endpoint, files=multipart, params=params, headers=headers, timeout=REQUEST_TIMEOUT,

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill explicitly requires an API key, writes OCR output to disk, and uploads user files to a remote cloud API, yet it does not declare permissions for env, file_write, and network. This is dangerous because users and policy enforcement systems may not have clear visibility into the skill's actual capabilities, especially given that documents are transmitted off-device to a third party.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill sends user-provided documents to an external OCR service but does not present an explicit warning at the point of use that document contents leave the local environment. In an agent setting, users may assume processing is local, so this creates a meaningful privacy and compliance risk.

Session Persistence

Medium
Category
Rogue Agent
Content
# Temporary (current terminal session)
export WISEDIAG_API_KEY=your_api_key_here

# Permanent (add to ~/.zshrc or ~/.bashrc)
echo 'export WISEDIAG_API_KEY=your_api_key_here' >> ~/.zshrc
source ~/.zshrc
Confidence
91% confidence
Finding
add to ~/.zshrc

Known Vulnerable Dependency: requests — 10 advisories: CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
requests

Known Vulnerable Dependency: pypdf — 10 advisories: CVE-2026-24688 (pypdf has possible Infinite Loop when processing outlines/bookmarks); CVE-2026-27628 (pypdf has a possible infinite loop when loading circular /Prev entries in cross-); CVE-2026-40260 (pypdf: Manipulated XMP metadata entity declarations can exhaust RAM) +7 more

Low
Category
Supply Chain
Confidence
93% confidence
Finding
pypdf

VirusTotal

65/65 vendors flagged this skill as clean.