Back to skill

Security audit

Excalidraw Canvas

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it renders Excalidraw-style diagrams through a hosted API, but users should treat diagram content and edit links as shared with an external service.

Install only if you are comfortable sending diagram contents to the hosted rendering service. Avoid secrets, customer data, unreleased system architecture, regulated information, or confidential workflows unless you trust the service and understand its retention and edit-link access behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
76% confidence
Finding
The skill description is extremely broad ('Use whenever you need to draw... diagram anything'), which can cause the agent to invoke this skill for many ordinary requests without considering whether diagram contents are sensitive. Because the skill transmits user-provided diagram data to a third-party hosted API, broad activation materially increases the chance of unintended external disclosure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that diagrams are rendered 'via a hosted API' but does not clearly warn that all diagram elements and labels are transmitted off-box to a third-party service. Users may include architecture details, credentials, customer data, or other sensitive content in diagrams, leading to unintended data exposure.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill says an edit URL is always returned and instructs the agent to always include it, but it does not warn that this URL may grant access to modify or view the diagram through an external service. Automatically sharing persistent edit links expands the exposure surface and may leak sensitive diagram content beyond the immediate rendering step.

External Transmission

Medium
Category
Data Exfiltration
Content
## Render

```bash
RESULT=$(curl -s -m 60 -X POST https://excalidraw-mcp.up.railway.app/api/render \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{"elements": [...]}')
Confidence
97% confidence
Finding
curl -s -m 60 -X POST https://excalidraw-mcp.up.railway.app/api/render \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
## Full Example

```bash
RESULT=$(curl -s -m 60 -X POST https://excalidraw-mcp.up.railway.app/api/render \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{"elements": [
Confidence
97% confidence
Finding
curl -s -m 60 -X POST https://excalidraw-mcp.up.railway.app/api/render \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -d

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.