Diagram Generator

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed AI diagram tool. Its main risks are external processing of selected diagrams and in-place edits that can overwrite files.

Install only if you are comfortable using an EvoLink API key and sending selected diagram prompts or files to EvoLink for AI processing. Avoid confidential architecture, network, database, or business diagrams unless EvoLink's data handling is acceptable to you, and keep backups or version control before using the edit command because it overwrites the chosen file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises and relies on capabilities including environment-variable access, shell execution, and reading/writing local files, but does not declare any permissions boundary for them. This creates a transparency and policy-enforcement gap: users or hosting platforms may treat the skill as lower risk than it is, while the documented commands can transmit local diagram content and API credentials may be used during shell-based operations.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script is explicitly designed to send prompts and diagram contents to EvoLink's remote API, and preview functionality can also open external services. This is a real security/privacy concern because users may provide proprietary diagrams or sensitive architecture details, and the network transmission behavior is broader than simple local diagram manipulation.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The PlantUML preview path encodes the full diagram and sends it to plantuml.com for rendering, disclosing diagram contents to a third party. This is dangerous when diagrams contain internal architecture, credentials, hostnames, or other sensitive metadata that users may not realize are leaving the local machine.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The preview flow launches browser windows and, for some formats, directs users to external web services. This can cause unintended data exposure because diagram contents may be sent to third-party sites or opened in a browser context without an explicit consent step; in a security-sensitive environment, diagrams often contain internal architecture or secrets.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
AI commands send user descriptions and full file contents to a remote API without an in-flow disclosure warning at the point of transmission. That creates a meaningful confidentiality risk because users may unknowingly upload sensitive diagrams, schemas, or infrastructure details to an external provider.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The edit command replaces the original file directly with AI-generated output, which can cause irreversible loss or corruption of user data if the model returns malformed or incomplete content. Because the source file may be important documentation or system design material, silent overwrite increases operational risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script transmits prompts and full diagram/file contents to an external API for generate, edit, convert, and explain operations without an in-band warning at the point of use. This is dangerous because users may process sensitive architecture, network, database, or UML files and unintentionally exfiltrate confidential information to a third party.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The edit command overwrites the original file directly with AI-generated output, with no backup, diff, or confirmation. This can destroy user data, corrupt diagram files, or silently replace trusted content with malformed or unsafe output, which is especially risky when editing important design artifacts.

VirusTotal

67/67 vendors flagged this skill as clean.
