Back to skill

Security audit

Paper Design

Security checks across malware telemetry and agentic risk

Overview

This skill transparently gives an agent control of the open Paper design file, with expected risks around editing/deleting design content and saving screenshots locally.

Install this only if you want OpenClaw to edit the currently open Paper file. Review targets before replace or delete operations, keep backups/version history for important designs, keep PAPER_MCP_URL on the default localhost endpoint unless you intentionally trust another server, and clean up /tmp/paper-screenshots or /tmp/paper-mcp-session on shared machines.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill documents a direct delete operation for design nodes without any warning, preview, or confirmation requirement. In this context, the skill operates on a user's live local design file, so an agent could remove content accidentally or through prompt manipulation, causing destructive changes and potential loss of work.

External Transmission

Medium
Category
Data Exfiltration
Content
" "$tool_name" "$arguments" 2>/dev/null) || die "Invalid JSON arguments: $arguments"

  local response
  response=$(curl -s -X POST "$PAPER_MCP_URL" \
    -H "Content-Type: application/json" \
    -H "Accept: $ACCEPT_HEADER" \
    -H "Mcp-Session-Id: $session_id" \
Confidence
81% confidence
Finding
curl -s -X POST "$PAPER_MCP_URL" \ -H "Content-Type: application/json" \ -H "Accept: $ACCEPT_HEADER" \ -H "Mcp-Session-Id: $session_id" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
if echo "$response" | grep -q '"code":-32001\|"code":-32600\|Session.*not found\|session.*expired'; then
    rm -f "$PAPER_SESSION_FILE"
    session_id=$(get_session)
    response=$(curl -s -X POST "$PAPER_MCP_URL" \
      -H "Content-Type: application/json" \
      -H "Accept: $ACCEPT_HEADER" \
      -H "Mcp-Session-Id: $session_id" \
Confidence
80% confidence
Finding
curl -s -X POST "$PAPER_MCP_URL" \ -H "Content-Type: application/json" \ -H "Accept: $ACCEPT_HEADER" \ -H "Mcp-Session-Id: $session_id" \ -d

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.