Markdown Editor With Chat

Security checks across malware telemetry and agentic risk

Overview

This markdown editor appears purpose-built, but it needs review because it can expose or modify more local markdown content than users may expect.

Install only for a dedicated, non-sensitive markdown folder. Keep the host bound to 127.0.0.1, avoid opening untrusted markdown files, and enable gateway chat only if you are comfortable sending the current document to that gateway. The path boundary, markdown link sanitization, and chat disclosure/minimization should be fixed before using it with private notes or secrets.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (4)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The chat feature silently injects the full current document into every backend chat request via a hidden system message. This can expose sensitive user-authored content to the server or downstream model provider without clear consent, which is a real privacy and data-minimization issue rather than a false positive.

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The /api/chat endpoint forwards arbitrary user-supplied messages to the configured external OpenClaw gateway, which can expose sensitive markdown content or user-entered data to a third party. In this server file there is no consent gate, warning, allowlist, or payload filtering, so enabling chat changes the trust boundary in a way users may not realize.

Ssd 3

Medium

Confidence: 98% confidence
Finding: The implementation automatically includes the entire editor contents as hidden context while the UI only reflects the user's typed chat message. That mismatch can lead users to reveal private notes, secrets, or drafts unintentionally, and model responses may further surface or transform that sensitive content.

Context Leakage

High

Category: Data Exfiltration
Content: panel.classList.toggle('hidden'); } // Send chat message async function sendChat() { const input = document.getElementById('chatInput'); const message = input.value.trim();
Confidence: 94% confidence
Finding: Send chat

VirusTotal

45/45 vendors flagged this skill as clean.

View on VirusTotal