MD Table Image

Security checks across malware telemetry and agentic risk

Overview

This skill does render markdown tables as images, but it runs user-provided table content through an unsandboxed browser without sanitizing it.

Install only if you will render trusted markdown or accept the browser-rendering risk. Before broad use, the publisher should escape or sanitize all user-controlled content, disable JavaScript or block external requests during rendering, avoid disabling the browser sandbox unless clearly required, and narrow the skill instructions so it runs only when an image table is explicitly needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
This is a true vulnerability. Untrusted markdown and the optional title are interpolated directly into HTML and then rendered by a real browser via Puppeteer without HTML escaping or sanitization, so attacker-controlled input can inject arbitrary HTML and likely script-bearing elements or event handlers during rendering. In this skill's context, that is especially dangerous because the whole purpose is to render user-provided markdown, making hostile input realistic and increasing the chance of local file access attempts, network requests, or browser-based code execution during screenshot generation.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description says it should be used whenever a table needs to be sent in chat, which creates an overly broad invocation rule. This can cause unnecessary tool execution in many routine situations and may lead the agent to process untrusted table content through an external renderer more often than needed, increasing operational and security exposure.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The instruction to 'Always' use this skill for tables is an unqualified mandate that overrides context and user intent. In practice, this can force unnecessary execution of a Node-based rendering pipeline on arbitrary content, expanding attack surface and potentially causing data handling, resource usage, or downstream rendering risks whenever tables appear.

VirusTotal

66/66 vendors flagged this skill as clean.
