ClawHub

ProcessOn Mindmap Generator

Security checks across malware telemetry and agentic risk

Overview

The skill does generate ProcessOn mind maps, but it also adds runtime update/install behavior and uploads user content to a cloud service with limited upfront disclosure.

Install only if you are comfortable with Markdown content being sent to ProcessOn's cloud service and with the skill contacting GitHub before use. Do not approve the force update command unless you trust the GitHub source and intend to let the agent modify installed skills. Avoid confidential documents unless ProcessOn's data handling is acceptable for that content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill mandates a remote version check and self-update flow before performing its actual task, which is unrelated to generating mind maps from user input. This creates an unnecessary supply-chain and control-plane risk by making execution depend on external remote content and upgrade logic.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The instructions require shell execution for both version probing and package installation, including an `npx skills add ... --force` command. A content-transformation skill should not invoke arbitrary shell commands, because this expands the attack surface to command execution and remote code/package retrieval.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill instructs automatic shell execution and remote update actions without clear disclosure in the user-facing description. Users invoking a mind-map tool would not reasonably expect command execution or software installation, creating a serious consent and trust-boundary violation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The client reads Markdown from stdin or a local file and sends it verbatim to https://smart.processon.com without any explicit consent prompt or warning at transmission time. In this skill's context, users may pass sensitive notes, internal documents, or cached agent-produced files, so silent exfiltration to a third-party service creates a real confidentiality risk even though it appears to be intended product behavior.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The code can delete the supplied Markdown file either when --cleanup-markdown-file is used or automatically when the path is under system temp or .agents/cache, and this occurs without an explicit warning at deletion time. Because resolve_markdown_input also treats a --markdown argument that happens to be a file path as a file, a user or calling agent could unintentionally lose data if a real file in those locations is processed.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal