Crazyrouter Ocr

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward OCR/image-analysis wrapper that sends a user-selected image and prompt to Crazyrouter for processing.

Install only if you are comfortable uploading the specific images and prompts you choose to Crazyrouter or the endpoint set by CRAZYROUTER_BASE_URL. Avoid confidential screenshots, IDs, secrets, or regulated documents unless that external processing is acceptable, and consider using a dedicated API key with limits.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill metadata and usage text describe OCR/image analysis functionality but do not clearly warn users that their images and prompts are transmitted to a third-party service, Crazyrouter, for processing. This can lead users to unknowingly send sensitive screenshots, documents, or personal images off-platform, creating privacy, confidentiality, and compliance risks.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal