Swimlane Arch

Security checks across malware telemetry and agentic risk

Overview

This skill generates editable diagram files and has a disclosed optional cloud export path, but users should avoid cloud export for sensitive diagrams unless they trust that service.

Install for local Draw.io generation if you are comfortable with it creating .drawio files in the working directory. Leave PROCESSON_API_KEY unset for local-only use, and do not enable ProcessOn/PingCode upload for confidential business workflows, system architectures, government processes, or other sensitive content unless that third-party service is approved for that data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium, 94% confidence
The manifest states there are no environment requirements, yet the documentation describes behavior that depends on an API key and enables optional cloud upload. This mismatch can hide security-relevant capabilities from reviewers and operators, leading to unexpected data egress when the key is present.

Context-Inappropriate Capability

Medium, 88% confidence
The skill's main purpose is local diagram generation, but it also introduces an external upload path to ProcessOn/PingCode that is not essential to the core function. This expands the attack surface and can leak user-provided business process or architecture data to a third party without strong justification.

Missing User Warnings

Medium, 92% confidence
The README advertises optional ProcessOn API Key usage but gives no warning that user content may be transmitted to a third-party service, nor any statement of how the key is stored and protected. In a diagram-generation skill, prompts may contain internal business workflows or system architecture, so silent external transmission can expose sensitive operational information, and the unexplained key storage adds credential-handling risk.

Vague Triggers

Medium, 83% confidence
The trigger phrases include very broad everyday terms such as '流程图', '架构图', '画个图', and similar language that can match many unrelated user requests. Overbroad activation can cause the skill to run unexpectedly, generate files, or invoke optional integrations in contexts where the user did not intend to use this capability.

Vague Triggers

Medium, 86% confidence
The automatic recognition rules are vague and map common words like '流程', '系统', or '服务' directly to activation. In an agent setting, ambiguous matching increases the chance of unintended execution, especially because the skill may write files or choose a diagram type without explicit user confirmation.

Missing User Warnings

Medium, 91% confidence
The skill instructs saving a .drawio file into the working directory but does not clearly warn users up front that it will create files. Unannounced file writes are security-relevant because they change the local environment and may overwrite expected workflows or create artifacts in sensitive directories.

Missing User Warnings

Medium, 93% confidence
The description notes ProcessOn integration but does not clearly warn users that enabling it results in an external API call. Without an explicit warning, users may unknowingly send potentially sensitive process or architecture information to a third-party service.

VirusTotal

59/59 vendors flagged this skill as clean.