Archviz Skills

Security checks across malware telemetry and agentic risk

Overview

This visualization skill is coherent and purpose-aligned, but generated HTML may contact CDNs and run third-party chart or 3D libraries.

Install only if you are comfortable with visualization templates that may load JavaScript from jsDelivr when opened in a browser or embedded preview. For offline or stricter environments, prefer the ASCII, Mermaid, pure-inline HTML, or Python outputs, or vendor/pin the CDN libraries before using generated HTML.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (13)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The file imports executable JavaScript modules directly from third-party CDNs at runtime, which creates a supply-chain and integrity risk. If the CDN content is modified, unavailable, or swapped, any user opening the example executes untrusted remote code in the page context.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The template claims to be self-contained but fetches Chart.js from an external CDN at runtime, introducing a supply-chain and privacy risk. If the CDN, dependency, or network path is compromised, opening the HTML could execute attacker-controlled JavaScript in the viewer’s browser.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The template claims to support self-contained HTML, but it loads Chart.js from an external CDN at runtime. This creates a supply-chain and privacy risk: rendering depends on fetching third-party code over the network, which can leak usage metadata, fail in restricted environments, or execute compromised upstream JavaScript if the CDN asset is tampered with.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The template explicitly markets itself as self-contained and suitable for offline or direct preview use, but it imports Chart.js from a third-party CDN. This creates a supply-chain and privacy/trust risk because opening the generated HTML triggers a network fetch to external infrastructure, and the file may fail in restricted or offline environments contrary to the documented behavior.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The inline documentation tells downstream agents and users that the output renders without external dependencies, but the HTML contradicts that by loading Chart.js from jsDelivr. In a skill context, misleading documentation is security-relevant because it can cause agents to generate artifacts that unexpectedly make external requests, weakening user consent and environmental assumptions.

Vague Triggers

Medium
Confidence
66% confidence
Finding
The text explicitly says routers can auto-activate the skill without the full path or exact name based on a broad triggers block. In an agent ecosystem, overly broad auto-activation can cause the wrong skill to take control of user requests, potentially leading to unintended code/template generation, context hijacking, or bypass of more appropriate specialized skills.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes broad everyday terms such as "chart," "3d," and "building," which can cause the skill to activate in contexts far outside specialized architectural visualization. Over-broad activation increases the chance of unintended routing, causing the agent to apply this skill when the user did not request it and potentially overriding more appropriate skills or normal handling.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The usage guidance says to use the skill whenever the user asks for many common visualization-related terms, but it does not define exclusion conditions or confidence thresholds. This broad routing language can lead to accidental invocation in ambiguous requests, which may degrade agent behavior, produce mismatched outputs, or interfere with safer/default response paths.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The default prompt encourages invoking the skill in a very generic way ('create a restrained visualization from this brief') without embedding clear scope limits or eligibility checks. Combined with allow_implicit_invocation=true, this can cause the skill to be triggered in contexts where visualization is not the user's primary intent, increasing the chance of unintended prompt injection surface, tool overuse, or misleading auto-generated outputs.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The rule 'for personal context: direct, match habit (simplified Chinese if labels, no filler)' can override user language preferences without consent, causing unintended language switching and potentially misleading or unusable output. In an agent skill, hard-coded language behavior is risky because it can silently alter content presentation in ways the user did not request.

Missing User Warnings

Low
Confidence
89% confidence
Finding
Loading an external script without any user-facing disclosure creates an avoidable transparency and privacy issue: users may believe the file is local/self-contained when it makes a network request. In this skill context, that mismatch increases risk because templates are meant to be preview-compatible and restrained, so hidden outbound fetches are less expected.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The template silently loads a third-party script without any warning or disclosure to the end user. That matters more in this skill because it is designed to generate copy-pasteable HTML for Obsidian or browser preview, where users may reasonably expect local-only rendering; silent remote script execution expands the attack surface and leaks usage metadata to the CDN.

Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more

Critical
Category
Supply Chain
Confidence
84% confidence
Finding
numpy

VirusTotal

63/63 vendors flagged this skill as clean.
