Back to skill

Security audit

JLC EDA Drawing

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate EasyEDA automation purpose, but it exposes an unauthenticated local bridge that can run arbitrary code in EasyEDA and mutate real projects.

Install only if you are comfortable giving the agent live control over an open EasyEDA session. Keep the bridge bound to trusted local use only, stop it when finished, do not run it on shared or exposed networks, and require explicit confirmation before project edits, deletes, file writes, or any order/manufacturing workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (22)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
This documentation exposes direct order-placement capabilities (PCB, components, SMT, shells) inside a skill intended for design/review workflows. Even if merely documented, these APIs expand the reachable action surface from analysis/export into real-world procurement, which can lead to unauthorized purchasing flows or unintended navigation to vendor order pages if an agent uses them without strict confirmation boundaries.

Context-Inappropriate Capability

Low
Confidence
76% confidence
Finding
The documented upload/delete BOM template functions add remote content-management and destructive state-changing operations beyond simple PCB design assistance. This broadens the skill's authority and could let an agent modify shared manufacturing templates or remove existing ones without clear user intent.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The method documentation says non-interactive silent ordering behavior is possible, including ignoring warnings and opening an order page, while the remarks later say only interactive mode is currently supported and parameters have no effect. This inconsistency is dangerous because an agent or developer may rely on the more permissive behavior model and design workflows that assume silent ordering is available or acceptable, creating unsafe automation assumptions around purchasing actions.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The component-order documentation presents silent, non-interactive behavior and warning bypass semantics that conflict with the remark that only interactive checks are supported and parameters currently do nothing. Such contradictions can cause unsafe integration decisions, especially in agentic environments where developers may trust the documented automation pathway for procurement-related actions.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The PCB-order method likewise describes non-interactive checks and warning suppression, yet the remarks say those parameters are currently ineffective and only interactive checks are supported. For a purchasing workflow, ambiguity about whether calls can silently proceed is a security-relevant documentation flaw that may lead to over-privileged or unsafe agent behavior.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The SMT ordering documentation repeats the same contradiction between purported silent execution and remarks stating only interactive support exists. In a skill with manufacturing and procurement context, misleading documentation about silent ordering can directly influence unsafe automation and user-consent bypass assumptions.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill enables allow_implicit_invocation without any narrowing conditions, so the agent may be auto-selected in contexts where the user did not explicitly request EDA or PCB design work. Because this skill can drive circuit-design and workflow actions, unintended invocation could cause the system to perform sensitive or high-impact engineering tasks based on weak relevance signals, increasing the chance of unsafe automation or prompt-scope abuse.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The deletePcb documentation describes a destructive operation that may also delete the linked schematic and reusable module symbol, but it does not prominently warn users about this cascading behavior before invocation. In an EDA automation skill, this increases the chance of accidental project-wide data loss if an agent or user calls the API assuming only the PCB artifact will be removed.

Missing User Warnings

Medium
Confidence
75% confidence
Finding
A delete operation for BOM templates is documented without any explicit warning about permanence, shared impact, or need for confirmation. In multi-user or persistent environments, destructive actions without clear cautionary guidance increase the chance of accidental loss of manufacturing configuration data.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The order-placement API documentation does not prominently warn that invoking the method may initiate a purchasing workflow and open an ordering page. For an agent skill, side-effecting procurement behavior without strong warning materially raises the risk of unauthorized or surprising external actions.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The component ordering documentation lacks a clear upfront warning that the action can start a vendor order process. In a design-oriented skill, that omission makes it easier for downstream integrators to treat the method as routine automation rather than a high-risk transactional action.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The PCB-order API similarly omits a strong warning that it can initiate manufacturing order workflow. Because the skill is otherwise about EDA design and export, this missing warning increases the likelihood of accidental invocation or unsafe autonomous use.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The SMT-order method lacks a clear caution that it may launch ordering workflow, despite being a side-effecting procurement action. In agent settings, insufficient disclosure around such actions can lead to misuse, especially when mixed with normal design/manufacturing export APIs.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation exposes a destructive deletion API, including recursive/forced folder deletion, without any guidance to require explicit user confirmation, path restrictions, or safety checks before use. In an agent skill context, this omission can lead downstream implementations to invoke deletion on user files or project directories with little friction, increasing the chance of accidental or unsafe destructive actions.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The save/write API documents overwrite capability via the force parameter but does not warn about data loss, backup expectations, or safe handling of existing files. In an automation-oriented skill, this can encourage agents or extensions to overwrite user designs, libraries, or configuration files without adequate prompting or versioning safeguards.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation explicitly states that `buttonCallbackFn` is provided as a string and 'will be automatically parsed and executed', which creates a code-execution sink if any untrusted input can reach that parameter. In the context of an agent skill that may generate or manipulate EasyEDA automation, this is especially dangerous because downstream consumers may copy the pattern directly into code without recognizing that arbitrary script execution is involved.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list contains very broad terms such as "PCB", "schematic", "EDA", and "EasyEDA", which can cause the skill to activate in unrelated conversations. In a skill that can start local services and issue execution requests into a running EDA client, accidental invocation expands the chance of unintended tool use and cross-context actions.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The activation phrase "EDA,启动!" is ambiguous because "EDA" is a generic industry term and not unique to this product or skill. This increases the risk of unintended session initialization and subsequent execution-oriented guidance in contexts where the user did not clearly request this specific capability.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The example code creates a new schematic page, renames it, and opens it in the current project without any warning, confirmation step, or indication that persistent project state will be modified. In an agent skill intended to automate EDA workflows, users may run snippets verbatim, so undocumented write actions can cause unintended project changes, confusion, or overwrite/review issues in active design work.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
These snippets search for parts, place components, create wires, and add net labels directly into the current schematic, but they do not disclose that they mutate the design or recommend validation before execution. In the context of an automation-oriented EDA skill, this increases the chance of accidental insertion of incorrect components or nets into a live schematic, potentially leading to design corruption or manufacturing mistakes if the changes are not noticed.

Missing User Warnings

High
Confidence
98% confidence
Finding
The HTTP /execute endpoint accepts arbitrary JavaScript code and forwards it to a connected EasyEDA client for execution, with no authentication, authorization, origin restriction, or user confirmation. Any local process or potentially any web page via the permissive CORS policy can invoke this endpoint and cause code to run in the EasyEDA context, enabling unauthorized project manipulation or broader compromise depending on the client capabilities.

Missing User Warnings

High
Confidence
97% confidence
Finding
The WebSocket agent handler processes execute messages containing arbitrary code and relays them to the EDA client without authentication or consent checks. This creates an unauthenticated remote-code-execution bridge over WebSocket, and the handshake only identifies the service name rather than proving peer identity, so untrusted local or adjacent clients can issue execution requests.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.