SVG Meeting Minutes Card · Majia Hands-On Edition

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real meeting-summary skill, but it can automatically create files and run a converter that may modify the host Python environment.

Review before installing. Use it only where transcript content is approved for local processing and sharing, and prefer isolating the converter or removing the runtime pip install fallback. Confirm output paths before use and review generated SVG/PNG files before forwarding them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    try:
        import cairosvg
    except ImportError:
        subprocess.check_call([sys.executable, "-m", "pip", "install",
                               "--break-system-packages", "-q", "cairosvg"])
        import cairosvg
    cairosvg.svg2png(url=svg_path, write_to=png_path, scale=scale)
Confidence
98% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "--break-system-packages", "-q", "cairosvg"])

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
Installing packages at runtime for SVG-to-PNG conversion is dangerous because it turns a simple file-processing action into code acquisition and execution from external package sources. In this meeting-summary skill, that behavior is unnecessary for the narrow task and increases exposure to supply-chain compromise, unexpected network access, and persistent host modification.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Launching headless Chrome with '--no-sandbox' disables an important security boundary around browser-based rendering of untrusted SVG content. Because this skill processes user-provided meeting transcripts and generated SVGs, a browser parser bug or hostile SVG/HTML payload would have a more direct path to affect the host process.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly encourages users to feed meeting transcripts and speech-to-text dumps into the skill, but it provides no warning that such inputs may contain confidential business, personal, legal, or regulated data. In this context, omission of a privacy/sensitivity notice can lead users to paste sensitive meeting content into tooling without considering data handling, retention, or sharing risks, especially since the output is designed for easy forwarding in chat platforms.

Vague Triggers

High
Confidence
88% confidence
Finding
The trigger conditions are overly broad and include generic phrases like 'help me organize this meeting' or 'summarize this conversation,' which can cause the skill to activate unintentionally on ordinary chats. In context, this is more dangerous because the skill may then read user-provided content and create files or run conversion steps without the user realizing a file-generating skill was invoked.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill workflow writes an SVG file and automatically creates a PNG copy, but this side effect is not clearly surfaced to the user before execution. Hidden local file creation is a security and privacy concern because meeting transcripts often contain sensitive business content, and users may not expect artifacts to be stored on disk.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The code silently performs pip installation without warning the user that it will modify the Python environment, and it does so with '--break-system-packages'. Even if no package is malicious, this can destabilize the runtime, violate admin expectations, and make a low-risk conversion task unexpectedly invasive.

VirusTotal

VirusTotal findings are pending for this skill version.
