Security audit

Pencil Design

Security checks across malware telemetry and agentic risk

Overview

This design-generation skill is coherent, but it gives agents broad permission to install and run external tooling, authenticate accounts, persist skill instructions, and create or overwrite design files with limited guardrails.

Install only if you intend to use Pencil CLI for visual design generation. Approve npm installs, account logins, CDN-fetched skill files, and any writes into agent skill directories manually; prefer pinned package versions and versioned output filenames such as design-v2.pen instead of overwriting existing files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers (High severity, 94% confidence)

Finding:
The skill description is scoped so broadly that it can auto-trigger for almost any request involving visuals, mockups, webpages, slides, or graphics. Over-broad routing increases the chance the agent invokes this skill in contexts the user did not explicitly intend, which can lead to unnecessary package installation, authentication setup, network access, and file creation side effects.

Missing User Warnings (Medium severity, 89% confidence)

Finding:
The instructions repeatedly tell the agent to save `.pen` and exported image files, and even suggest overwriting the same file during iteration, but they do not require confirmation before writing or overwriting user files. In an agent setting, this creates a real risk of unintended filesystem modification, clobbering prior work, and surprising persistence of generated artifacts in the working directory.

VirusTotal

66/66 vendors flagged this skill as clean.