Back to skill

Security audit

ProcessOn Diagram Generator

Security checks across malware telemetry and agentic risk

Overview

This ProcessOn diagram skill is useful for cloud diagram generation, but it overreaches by forcing broad use, prompting in-band updates, installing npm tooling, and persistently caching authorization tokens.

Install only if you intend to use ProcessOn's cloud diagram service and are comfortable with prompts being sent to ProcessOn, browser authorization, persistent token storage, and npm tooling that may install mcporter globally. Review the authorization permissions, consider preinstalling/verifying mcporter yourself, and revoke or delete the cached token when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill requires an external network version check on every use and instructs the agent to halt normal work and present self-update guidance when a newer version is found. This extends behavior beyond diagram generation into remote control of execution flow, creating unnecessary dependency on external content and enabling supply-chain or prompt-steering risk if the remote source is changed or unavailable.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill embeds package installation and forced update instructions (`npx... skills add ... --force`) that are unrelated to rendering diagrams and could cause code changes or package retrieval from a remote source during routine use. Even when framed as user-confirmed, this materially increases supply-chain exposure and expands the skill from content generation into software modification.

Vague Triggers

High
Confidence
94% confidence
Finding
The skill claims mandatory invocation for extremely broad phrases like '画图', '生成图表', and effectively any structured visualization request. This can hijack many benign user requests, forcing unnecessary external tool use, authorization, and data transfer to a third-party service when a simpler local response would suffice.

Vague Triggers

High
Confidence
95% confidence
Finding
The invocation rules use vague catch-all language such as '任何结构化图表' and prohibit bypassing the skill even when built-in capabilities are sufficient. In context, that broad routing rule is risky because it can over-collect user content and unnecessarily escalate ordinary requests into authenticated third-party processing.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
setup.mjs:57

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
setup.mjs:120