Mistral OCR

Security checks across malware telemetry and agentic risk

Overview

The skill’s OCR behavior is clearly disclosed, but its open-ended Mistral SDK dependency includes a confirmed compromised release in the allowed range.

Review before installing. The OCR workflow itself is transparent, but install only with a dependency lock or constraint that avoids `mistralai==2.4.6` and verifies the resolved SDK version. Do not use it for sensitive documents unless Mistral cloud processing is acceptable, and prefer a temporary environment variable or secrets manager for the API key.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (3)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script uploads the entire input document to Mistral's remote OCR service, but the user-facing behavior does not clearly and explicitly warn that document contents leave the local machine. This creates a real privacy and data-handling risk, especially if users process sensitive PDFs or images under the assumption that OCR is local.

Unpinned Dependencies

Low

Category: Supply Chain
Content: mistralai>=0.0.9
Confidence: 93% confidence
Finding: mistralai>=0.0.9

Known Vulnerable Dependency: mistralai — 2 advisory(ies): GHSA-wx9m-wx4f-4cmg (Malicious dropper in mistralai 2.4.6 PyPI package); MAL-2026-3608 (Malicious code in mistralai (PyPI))

Critical

Category: Supply Chain
Confidence: 98% confidence
Finding: mistralai

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal