smart-charts

Security checks across malware telemetry and agentic risk

Overview

This charting skill mostly matches its stated purpose, but it needs Review because it can execute generated Python transformation code, including through an automatic chart path that bypasses the documented confirmation step.

Review before installing. Use this skill only with trusted datasets and prompts, avoid or manually inspect generated transform code, and prefer running it in a constrained environment if sensitive files are nearby. Generated HTML reports may contact external CDNs when opened.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

exec() call detected

High
Category
Dangerous Code Execution
Content
global_vars = {'__builtins__': safe_builtins}

try:
    exec(code, global_vars, local_vars)
except Exception as e:
    raise TransformError(
        f"转换代码执行失败: {e}",
Confidence
98% confidence
Finding
exec(code, global_vars, local_vars)

Description-Behavior Mismatch

Medium
Confidence
99% confidence
Finding
This chart-generation path accepts transform_code and passes it into DataTransformer(auto_confirm=True).transform before rendering, meaning a visualization request can trigger arbitrary code-like data transformation without any approval gate in this component. In the context of a skill that reads user-supplied files and uses LLM assistance, this significantly increases the chance of prompt-driven or user-supplied unsafe transformation execution, potentially leading to code execution, data exfiltration, or destructive file/system actions depending on DataTransformer's capabilities.

Vague Triggers

Medium
Confidence
82% confidence
Finding
Using broad triggers like "chart" and "visualization" can cause the skill to activate in unrelated conversations, increasing the chance that user files or prompts are routed into a skill that performs file processing and LLM-driven code generation. In this context, overbroad invocation is more risky than usual because the skill has meaningful side effects, including disk writes, template handling, and possible network resource loading.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The generated HTML automatically loads remote JavaScript from external CDNs, which creates a supply-chain and privacy exposure whenever the file is opened. If the CDN, network path, or dependency is compromised, the opened chart can execute attacker-controlled JavaScript in the user's browser context, and users are not warned that viewing a local report causes network access.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
