Chart Splat

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent chart-generation skill that uses a disclosed external chart-rendering API, with privacy considerations but no artifact-backed malicious behavior.

Install only if you are comfortable sending chart data and configuration to Chart Splat’s remote API. Avoid using it for secrets, regulated data, or confidential business datasets unless your organization approves that external processing, and keep the API key scoped to this service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill requires network access and an API key but does not clearly declare permissions in a dedicated, enforceable way, which can mislead operators about its real capabilities. In an agent environment, undeclared access to external services and secrets increases the risk of unintended data disclosure and weakens review and consent controls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior understates the skill's actual capability surface: it writes files locally and accepts arbitrary JSON configuration, which can enable behaviors beyond the narrow chart types described. This mismatch is dangerous because reviewers and users may authorize the skill for simple charting while it processes more complex unbounded input and performs local file writes, increasing the chance of misuse, unsafe outputs, or policy bypass.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The activation guidance is broad enough that the skill may trigger on generic requests to create or visualize data, causing unnecessary external API use and transfer of potentially sensitive user data. Over-broad routing increases the likelihood that the skill is invoked without the user's informed consent or when a local/offline alternative would be safer.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation states charts are rendered server-side but does not prominently warn that user-supplied chart data is transmitted to an external API. In security-sensitive environments, this omission can lead to accidental exfiltration of confidential business, financial, or personal data under the assumption that processing is local.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documentation instructs sending chart payloads and authentication headers to a third-party endpoint, but it does not clearly warn that user-provided data leaves the local/system boundary. In an agent setting, users may provide sensitive business or personal data for visualization, so lack of disclosure can cause unintended external data sharing and privacy/compliance issues.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script transmits the full chart configuration, including labels, data values, and titles, to a third-party API endpoint without any explicit user warning or consent mechanism. In an agent skill context, users may reasonably expect local chart generation, so sensitive business, financial, or personal data could be exfiltrated to an external service unexpectedly.

External Transmission

Medium
Category
Data Exfiltration
Content
## Endpoint

```
POST https://api.chartsplat.com/chart
```

## Authentication
Confidence
89% confidence
Finding
https://api.chartsplat.com/

VirusTotal

64/64 vendors flagged this skill as clean.
