Baoyu Infographic

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed infographic generator that creates local output files and reads only its own optional preference files.

Install only if you are comfortable with the skill creating files under an infographic output folder, renaming prior outputs to backups, reading its optional baoyu-infographic EXTEND.md preference files, and passing the prepared infographic prompt to an image generation tool. Avoid using private secrets or sensitive documents as source content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The skill instructs checking and reading configuration files from user-scoped locations such as $HOME and XDG config directories, which expands data access beyond the project content needed to generate an infographic. Even if intended for preferences, this creates unnecessary exposure of user-environment data and can leak or process sensitive personal configuration content if those files are maliciously modified or contain unexpected information.

Missing User Warnings

Medium
Confidence: 85%
Finding
The skill writes multiple files and automatically renames existing files to backup names, but the description does not clearly warn users that it will modify the workspace. This can lead to unexpected file creation, clutter, or accidental handling of sensitive content in generated artifacts, especially when users believe the skill is read-only.

VirusTotal

65/65 vendors flagged this skill as clean.
