ClawHub

Mermaid Image Uploader

Security checks across malware telemetry and agentic risk

Overview

This skill performs the advertised Mermaid conversion and image-upload workflow, but users should avoid sending private diagrams to the remote services it uses.

Install only if you are comfortable with selected Mermaid content and rendered images being sent to external services. For internal architecture, credentials, private workflows, or unpublished business documents, use a local mermaid-cli workflow and avoid public image hosts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The generated 'local' HTML file loads Mermaid JavaScript from a third-party CDN, so opening the file causes outbound network access and executes remote code in the browser context. This creates privacy and supply-chain risk, especially if users expect an offline/local rendering path for sensitive diagrams.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation promotes uploading generated diagram images to third-party image hosts without warning users that diagrams may contain sensitive business logic, architecture details, or internal identifiers that will be shared externally. In a skill intended to process user-provided Markdown and Mermaid content, this omission can lead to unintentional data disclosure because users may reasonably assume the tool is only doing local conversion.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The profile recommends Kroki online conversion as the preferred method without disclosing that Mermaid source content is transmitted to a remote service for rendering. Since Mermaid diagrams often encode internal workflows, infrastructure, or project details, this can cause silent exfiltration of sensitive content when users follow the recommended path.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README promotes online conversion via Kroki and uploading generated images to third-party image hosts, but it does not clearly warn users that Mermaid source content and potentially sensitive diagram data will be transmitted to external services. In a documentation-processing skill, users may reasonably include internal architecture, credentials, endpoints, or business logic in diagrams, so the lack of disclosure creates a real data exfiltration and privacy risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill description explicitly promotes uploading generated images to third-party image hosts but does not clearly warn users that Mermaid source content, or information derived from it, may leave the local environment and be sent to external services. In practice, Mermaid diagrams embedded in Markdown can contain sensitive architecture, internal process, or credential-adjacent information, so the omission creates a real data disclosure risk through uninformed use.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
This method transmits the full Mermaid diagram content to kroki.io without any explicit warning, consent, or sensitivity check. If the diagram contains proprietary architecture, credentials, internal URLs, or other confidential content, that data is exposed to an external service.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal