Excalidraw Diagram Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a diagram-generation helper with some optional local file/script workflows, but the reviewed artifacts do not show hidden data access, credentials use, persistence, or destructive behavior.

Reasonable to install for generating Excalidraw diagrams. Treat the optional icon workflow carefully: only run helper scripts you can inspect and trust, keep icon libraries inside the skill’s intended libraries directory, and review generated diagrams before sharing if the prompt included sensitive architecture or business details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill explicitly instructs the agent to run local Python and shell commands to modify diagram files and process local icon libraries. That expands the skill from pure content generation into local file-system interaction and code/tool execution, which can be abused to overwrite files, access unintended local resources, or execute unreviewed scripts in the host environment.

Context-Inappropriate Capability

Low
Confidence: 85%
Finding
The skill encourages directory listing, reading auxiliary files, and loading local icon libraries to enrich output. While not inherently malicious, this broadens the accessible data surface beyond the core task and can enable unintended local file discovery or prompt-induced data access if an attacker steers requests toward sensitive paths or files.

VirusTotal

64/64 vendors flagged this skill as clean.
