Back to skill

Security audit

夸克扫描王 - OCR文字识别 Alibaba-Quark-OCR

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud OCR connector that sends user-selected images to Quark for recognition; no hidden destructive behavior or persistence was found.

Install only if you are comfortable sending submitted images, including identity documents, invoices, business records, or medical reports, to Quark's cloud OCR service using your SCAN_WEBSERVICE_KEY. Verify the correct skill entry is configured for the API key and avoid using it for documents whose privacy or compliance requirements prohibit third-party processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The skill is presented as an OCR-only tool, but the underlying implementation reportedly supports additional image transformation, content removal, document conversion, and local file-writing behaviors that are not disclosed in the user-facing description. This expands the trust boundary significantly: users may provide sensitive images believing only text extraction occurs, while the skill can alter content, generate files, and persist returned data locally.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The client sends either local file contents (after base64 encoding) or caller-supplied image data to a remote OCR API, but the code itself provides no consent, disclosure, or guardrail around that transfer. In this skill context, the OCR targets highly sensitive content such as IDs, licenses, invoices, and medical reports, so silent exfiltration of local documents to a third-party service creates a real privacy and compliance risk even if the behavior is functionally intended.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.