pretty-mermaid

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Mermaid diagram generator, with disclosed but noteworthy use of a global npm install and CDN-hosted JavaScript for HTML output.

Install only if you are comfortable with a global npm dependency, or adapt it to a local/isolated install. For sensitive or offline work, prefer PNG/SVG output or vendor Mermaid locally instead of opening generated HTML that loads JavaScript from a CDN.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87%
Finding
The skill instructs the agent to install packages globally with npm, execute shell commands, write files via shell redirection, and use tools that may access the network, yet it declares no permissions. This mismatch is dangerous because users or orchestration systems may treat the skill as low-risk while it actually performs privileged actions that can modify the environment, fetch remote dependencies, and create files.

Context-Inappropriate Capability

Medium
Confidence
95%
Finding
The generated HTML always loads Mermaid from a public CDN, causing network access whenever the file is opened and leaking user metadata such as IP address, user agent, and access timing to a third party. It also introduces a supply-chain and integrity risk because the rendered output depends on remote script delivery rather than a bundled local asset.

Natural-Language Policy Violations

Low
Confidence
94%
Finding
The HTML output forces browser execution of a third-party CDN-hosted script without explicit user consent or an offline-safe mode. In privacy-sensitive or restricted environments, this can violate policy and expose users to tracking or remote-script compromise when simply opening a locally generated file.

VirusTotal

66/66 vendors flagged this skill as clean.
