Svg Article Illustrator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: generate and insert local SVG or PNG article illustrations, with disclosed local file edits and a local SVG archive users should be aware of.

Install only if you are comfortable with the skill editing the target Markdown file and keeping local archived copies of generated SVGs inside the skill directory. For confidential articles, review or delete the archive after use, and use PNG export only with trusted SVG content and dependencies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 93%
Finding
The skill is presented as an illustration generator/converter, but it also instructs the agent to extract embedded SVGs from user articles and persist them under an internal archive directory. That creates undisclosed data retention and secondary processing of user content, which exceeds the stated purpose and can expose sensitive article content, metadata, or embedded comments to future access.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The documented workflow mandates copying generated/extracted SVG assets into a skill-internal archive path, even though the advertised functionality is only generation/conversion. Persisting user-derived assets inside the skill directory increases privacy and supply-chain risk because content is retained in a less obvious location that may be reused, synced, or inspected later.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
Automatic archival inside the skill's internal directory is not necessary for the core task of generating article illustrations, so it constitutes unnecessary collection and persistence of user content. Because the archived files are derived from article text and SVG comments/names, this can leak sensitive topics, titles, or annotations beyond the immediate task context.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill directs modification of the source Markdown by inserting embedded SVG or image references, but it does not clearly require informing the user or obtaining confirmation before changing files. Silent in-place edits can overwrite authored content, introduce active SVG content into documents, and cause unexpected rendering or publishing effects.

Missing User Warnings

Medium
Confidence: 92%
Finding
The archival step stores extracted SVGs under an internal archive path without a clear privacy, persistence, or retention warning. This hidden storage of user-derived assets increases the chance of unintended disclosure, especially if the article content, title, or SVG comments contain sensitive information.

Vague Triggers

Medium
Confidence: 89%
Finding
The documented trigger phrase is broad enough to match ordinary user requests about article illustration and image generation, which can cause the skill to activate unexpectedly. In an agent environment, over-broad invocation increases the chance of unintended file creation, Markdown modification, or downstream tool use without the user clearly opting into this specific skill.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
The specification requires Chinese filenames by default, which overrides user preference and can create compatibility, usability, or workflow issues for users expecting other languages or naming schemes. While not a direct code-execution issue, it is a policy and behavior constraint that may lead to surprising modifications in user content and reduced interoperability.

VirusTotal

65/65 vendors flagged this skill as clean.