Canvas

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent canvas-control guide with disclosed remote display, JavaScript, screenshot, and local-file-serving capabilities, but users should use it only with trusted content and intended nodes.

Install/use this only if you intend to control canvases on connected OpenClaw nodes. Keep the canvas root limited to non-sensitive display files, prefer the narrowest bind mode that works, confirm the target node and URL before actions, run eval only with trusted JavaScript, and avoid snapshotting canvases that show secrets or private data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The documented `eval` action explicitly executes JavaScript in the canvas, but the skill does not warn users that this can run arbitrary script in a WebView on a connected node. In this context, an agent or user could be induced to run untrusted code on remote devices, enabling phishing UI, data access within the page context, or abuse of any bridge/exposed WebView capabilities.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The `snapshot` action captures screenshots of rendered canvas content, but the skill omits any privacy or consent warning. Because the canvas may display sensitive dashboards, personal content, or tokens, silent screenshot capture on connected devices can expose confidential information without clear user awareness.

VirusTotal

66/66 vendors flagged this skill as clean.