ClawHub

please-drawio-turn

Security checks across malware telemetry and agentic risk

Overview

This diagram skill is mostly coherent, but it should be reviewed because it can launch local files/apps and automatically mutate/prune diagram backup files without tight scoping.

Install only if you are comfortable with a skill that writes diagram files, opens local applications for preview, and manages hidden local backup versions. Prefer using it on non-sensitive workspaces, avoid using the open command on arbitrary paths, and review generated/restored files before relying on the version history. VirusTotal and the static scan were clean, and I did not find evidence of network exfiltration or credential access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The `open_file`/`cmd_open` flow will open any path supplied by the user via `os.startfile`, not just generated `.drawio` files. In a skill context, this broadens capability from diagram generation to arbitrary local file/application launching, which can expose sensitive files or trigger execution through dangerous file associations such as scripts, shortcuts, or executables.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill description states that it will generate `.drawio` files and open them with draw.io, but it does not clearly disclose that this causes local file creation and launches a desktop application on the user's machine. Automatic app launch expands the action from passive content generation to local execution behavior, which can surprise users and create risk if the generated file path or content is unsafe.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The output specification requires automatically opening the generated diagram after creation, again without a clear safety prompt or consent gate. Even though draw.io files are expected output for this skill, automatic desktop application launch is a privileged side effect that can be abused for nuisance, unexpected local execution, or opening attacker-influenced content without sufficient user awareness.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The guide mandates automatic deletion of older versions and automatic backup/restore behavior without clearly warning the user that files will be modified and historical data may be pruned. In a file-editing skill, this can lead to unintended data retention, silent file mutation, or loss of recoverability, especially when users assume non-destructive preview behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal