image-reader-xytest

Security checks across malware telemetry and agentic risk

Overview

This image OCR skill uploads the user-selected image to OCR.space and saves text locally, which fits its stated purpose but requires privacy caution.

Install only if you are comfortable sending chosen images to OCR.space for processing. Avoid confidential IDs, financial records, medical documents, private screenshots, or regulated data unless that third-party processing is acceptable, and delete generated OCR text files when they contain sensitive content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill performs network access to a third-party OCR service and includes code that writes image data into an in-memory buffer, yet the skill metadata declares no permissions or safety disclosures. This creates a transparency and governance gap: users and hosting platforms may not realize local image contents are being transmitted off-device, which can expose sensitive documents or screenshots.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill description implies local image reading, but the implementation uploads the image contents to a third-party OCR API and stores extracted text locally. This mismatch is dangerous because users may provide sensitive local images under the assumption processing is local-only, resulting in unintended data disclosure to an external service.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill sends the full contents of a local image to OCR.space but does not warn the user that image data leaves the local environment and is processed by a third party. Because images may contain IDs, financial records, screenshots, or other sensitive information, the lack of disclosure materially increases privacy and data-leakage risk.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script sends the full image, base64-encoded, to an external OCR provider without any warning, consent, or privacy notice. If users process IDs, financial records, medical documents, screenshots, or other sensitive images, confidential information may be exposed to a third party unexpectedly.

External Transmission

Medium
Category
Data Exfiltration
Content
img_small.save(buf, format='JPEG', quality=80)
b64_data = base64.b64encode(buf.getvalue()).decode()

url = 'https://api.ocr.space/parse/image'
params = urllib.parse.urlencode({
    'base64Image': 'data:image/jpeg;base64,' + b64_data,
    'language': 'chs',
Confidence
95% confidence
Finding
https://api.ocr.space/

VirusTotal

64/64 vendors flagged this skill as clean.