multi-agent-orchestrator

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local diagram-generation prototype with disclosed file outputs and renderer use, not a hidden or destructive skill.

Install only if you are comfortable running local helper scripts. Use a trusted manus-render-diagram binary, run the skill in a dedicated output directory where overwriting org_chart.* and swimlane.* is acceptable, and note that direct script execution currently uses built-in example prompts instead of the documented CLI flags.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
print("Rendering organizational chart to PNG...")
org_chart_png_path = f"{output_dir}/org_chart.png"
try:
    subprocess.run(["manus-render-diagram", org_chart_mermaid_path, org_chart_png_path], check=True)
    print(f"Organizational chart rendered to {org_chart_png_path}")
except subprocess.CalledProcessError as e:
    print(f"Error rendering organizational chart: {e}")
Confidence
83% confidence
Finding
subprocess.run(["manus-render-diagram", org_chart_mermaid_path, org_chart_png_path], check=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
print("Rendering swimlane diagram to PNG...")
swimlane_png_path = f"{output_dir}/swimlane.png"
try:
    subprocess.run(["manus-render-diagram", swimlane_mermaid_path, swimlane_png_path], check=True)
    print(f"Swimlane diagram rendered to {swimlane_png_path}")
except subprocess.CalledProcessError as e:
    print(f"Error rendering swimlane diagram: {e}")
Confidence
83% confidence
Finding
subprocess.run(["manus-render-diagram", swimlane_mermaid_path, swimlane_png_path], check=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation describes executable scripts that write files, invoke rendering tooling, and likely perform agent generation using external model or network-backed components, yet the manifest declares no permissions. This creates a trust and sandboxing gap: users or platforms may approve the skill on the assumption that it is low-privilege, while in practice it can perform shell, network, and file-write actions. Note that the two subprocess calls pass an argv list rather than a shell string, so shell metacharacters in the generated paths are not interpreted; the residual risks are PATH lookup of the renderer binary, whatever the renderer itself does with model-generated Mermaid input, and overwriting files in output_dir.

Context-Inappropriate Capability

Medium
Confidence
80% confidence
Finding
The manifest describes orchestration and visualization, but the implementation achieves visualization by executing a local binary on generated content. In a skill context, that is more dangerous because agent outputs are prompt-influenced and may be attacker-controlled, so the skill effectively grants local processing of untrusted input to an external tool.

Context-Inappropriate Capability

Medium
Confidence
80% confidence
Finding
The swimlane rendering step adds the same local command-execution capability beyond pure data transformation, increasing the skill's privileges and attack surface. Because the diagrams are generated from model output, the context makes this more risky than a static internal asset pipeline.
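The subprocess findings and both Context-Inappropriate Capability findings point at the same call shape: a renderer resolved through PATH, run on model-generated input, writing to a path built from output_dir. The following is an added example of how a hardened wrapper for that call could look; it is not the skill's own code and it does not depend on manus-render-diagram being installed. It assumes a renderer that takes <input.mmd> <output.png> as positional arguments (the argv shape shown in the findings). The expected digest, the dedicated output directory and the stub renderer used by demo() are constructed for illustration.

```python
"""Hardened wrapper for the diagram-renderer subprocess call.

Added example, not the skill's own code. It assumes the renderer takes
``<input.mmd> <output.png>`` as positional arguments, which is the argv
shape the findings show. The allow-listed digest, the output directory and
the stub renderer used by demo() are constructed stand-ins.
"""
import hashlib
import os
import subprocess
import sys
import tempfile
from pathlib import Path
from typing import Sequence


class RenderPolicyError(Exception):
    """A render request violated the pinning or sandboxing policy."""


def sha256_of(path) -> str:
    """Hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def pin_renderer(command: Sequence[str], expected_sha256: str) -> list:
    """Require an absolute, executable command[0] whose digest matches.

    The original call resolves ``manus-render-diagram`` through PATH, so a
    writable PATH entry that sorts earlier could substitute another binary.
    """
    exe = Path(command[0])
    if not exe.is_absolute():
        raise RenderPolicyError(f"renderer must be an absolute path: {command[0]!r}")
    if not exe.is_file() or not os.access(exe, os.X_OK):
        raise RenderPolicyError(f"renderer is not an executable file: {exe}")
    digest = sha256_of(exe)
    if digest != expected_sha256:
        raise RenderPolicyError(f"renderer digest mismatch: {digest}")
    return [str(exe), *command[1:]]


def confined_path(output_dir, name: str, allow_overwrite: bool = False) -> Path:
    """Return output_dir/name, rejecting traversal, symlink escapes and unplanned overwrites."""
    base = Path(output_dir).resolve()
    target = (base / name).resolve()   # resolve() follows symlinks, so a planted link is caught too
    if target.parent != base:
        raise RenderPolicyError(f"{name!r} escapes the output directory")
    if target.exists() and not allow_overwrite:
        raise RenderPolicyError(f"{target} exists and overwriting is not allowed")
    return target


def render_diagram(command: Sequence[str], mermaid_path, png_path, timeout_s: float = 30.0) -> Path:
    """Run the pinned renderer: argv list (no shell), timeout, minimal environment."""
    argv = [*command, str(mermaid_path), str(png_path)]
    try:
        result = subprocess.run(
            argv, shell=False, capture_output=True, timeout=timeout_s,
            env={"PATH": os.defpath},          # no inherited secrets for the child
            cwd=str(Path(png_path).parent),
        )
    except subprocess.TimeoutExpired:
        raise RenderPolicyError(f"renderer exceeded {timeout_s}s")
    if result.returncode != 0:
        err = result.stderr.decode("utf-8", "replace")[:200]
        raise RenderPolicyError(f"renderer exited {result.returncode}: {err}")
    if not Path(png_path).is_file():
        raise RenderPolicyError("renderer exited 0 but wrote no output file")
    return Path(png_path)


def _rejects(fn) -> bool:
    """True if fn() raises RenderPolicyError."""
    try:
        fn()
    except RenderPolicyError:
        return True
    return False


def demo() -> dict:
    """Exercise the policy against a constructed stub renderer (copies input to output)."""
    stub = (sys.executable, "-c",
            "import sys, shutil; shutil.copyfile(sys.argv[1], sys.argv[2])")
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        out = Path(tmp) / "diagrams"
        out.mkdir()
        src = out / "org_chart.mmd"
        src.write_text("graph TD; CEO --> CTO;")          # constructed model output
        cmd = pin_renderer(stub, sha256_of(sys.executable))
        png = render_diagram(cmd, src, confined_path(out, "org_chart.png"))
        results["rendered"] = png.read_bytes() == b"graph TD; CEO --> CTO;"
        results["unpinned"] = _rejects(lambda: pin_renderer(("manus-render-diagram",), "0" * 64))
        results["bad_digest"] = _rejects(lambda: pin_renderer(stub, "0" * 64))
        results["traversal"] = _rejects(lambda: confined_path(out, "../escape.png"))
        results["overwrite"] = _rejects(lambda: confined_path(out, "org_chart.png"))
        results["overwrite_allowed"] = confined_path(out, "org_chart.png", True).name == "org_chart.png"
    return results


if __name__ == "__main__":
    print(demo())
```

The wrapper keeps the argv-list form of the original call (which already avoids shell interpretation) and adds what the findings ask for: the binary is pinned by absolute path and digest instead of PATH lookup, output files are confined to the dedicated directory and are only overwritten when the caller opts in, the child gets a timeout and an empty environment so it cannot harvest variables, and a zero exit with no output file is treated as a failure rather than silently accepted.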

VirusTotal

64/64 vendors flagged this skill as clean.
