Back to skill

Security audit

ProcessOn Diagram Generator

Security checks across malware telemetry and agentic risk

Overview

This looks like a real ProcessOn diagram skill, but it asks for broad control over diagram requests, in-band updates, command execution, and persistent local authorization tokens.

Use this only if you specifically want ProcessOn cloud-generated editable diagrams and are comfortable with your prompts being sent to ProcessOn, browser authorization, reusable local token storage, and npm/shell-based setup or update steps. Review and revoke/delete cached credentials when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill requires a remote version check and can steer the agent into upgrade-related behavior before performing its stated diagram-generation task. This expands the trust boundary to external network content and operational instructions, creating unnecessary pre-execution side effects and an opportunity for prompt-driven supply-chain influence.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill performs OAuth/token handling and persists credentials in user-level storage, but this capability is not clearly disclosed in the manifest description. Hidden credential management increases security and privacy risk because users and orchestrators may invoke the skill without understanding that it stores reusable authentication material locally.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The documentation instructs the agent to execute shell commands for remote checks and to recommend package installation commands unrelated to the core act of generating a diagram. This is dangerous because it normalizes command execution and update flows from skill content, increasing the risk of command abuse, supply-chain compromise, or unwanted system modifications.

Vague Triggers

High
Confidence
95% confidence
Finding
The skill claims mandatory invocation for essentially any structured chart request, including broad and ambiguous user intents. Overbroad trigger rules can hijack unrelated workflows, force unnecessary external tool use, and bypass safer or more appropriate built-in handling.

Vague Triggers

High
Confidence
95% confidence
Finding
Requiring activation on vague phrases like '画图', '可视化', and '生成图表' makes the skill easy to trigger outside its appropriate context. In practice, this can cause involuntary data transfer to external services and reduce the agent's ability to apply contextual judgment about whether the skill is necessary.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
setup.mjs:57

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
setup.mjs:120