Xhs Rental Ocr

Security checks across malware telemetry and agentic risk

Overview

This skill is a user-run OCR helper that reads chosen images and writes extracted rental data to local spreadsheet files, with no evidence of hidden network access or persistence.

Install only if you are comfortable running a local Python OCR script on selected images. Choose the output path deliberately, and note that using image slicing creates additional cropped image files next to the original image. Treat the documented URL and CSV options as incomplete unless the code is updated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium (93% confidence)
Finding
The skill encourages URL-based operation and local file export without clearly warning that it will fetch remote content and write extracted results to disk. This can surprise users, create privacy issues if sensitive images are downloaded or processed, and increase risk from untrusted remote inputs and unintended local data persistence.

VirusTotal

59/59 vendors flagged this skill as clean.
