今日投资实时 Draw.io 架构图技能

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed draw.io diagram workflow that may create local export files, but it includes reasonable confirmation and privacy safeguards.

Install this if you want an MCP-driven draw.io workflow and are comfortable with local preview/export files. For confidential architecture diagrams, confirm export paths carefully, avoid overwriting existing files, and use a self-hosted draw.io base URL rather than the public diagrams.net embed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The workflow explicitly instructs exporting `.drawio`/PNG/SVG files and checking filesystem paths and non-zero size, but it does not require warning the user that local files will be created or may overwrite existing files. In a skill that drives tool-based diagram generation and export, this can lead to unintended local writes, surprise persistence of potentially sensitive diagrams, or accidental overwrite if filenames/paths are reused or inferred.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal