Excalidraw

Security checks across malware telemetry and agentic risk

Overview

This diagram skill is coherent, but it makes third-party upload and browser-based screenshot verification part of the default workflow without enough user control or privacy warning.

Install only if you are comfortable with the agent uploading diagrams to Excalidraw for share links and using browser screenshot tooling for verification. Treat generated links as sensitive, avoid uploading confidential architecture or operational diagrams unless explicitly intended, and prefer local-only .excalidraw files when sharing is not needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch
Medium, 91% confidence

Finding:
The skill goes beyond local file generation and instructs users to upload diagrams to excalidraw.com for sharing. Even if intended as convenience, this creates an undisclosed external data flow that can leak sensitive architecture, process, or system-design information commonly contained in diagrams.

Context-Inappropriate Capability
Medium, 88% confidence

Finding:
The browser automation and local HTTP control instructions expand the skill from diagram generation into local browser orchestration and screenshot capture. This is risky because it introduces additional control surfaces and trust assumptions on local services, increasing the chance of unintended browsing actions, local data exposure, or abuse of an existing automation endpoint.

Context-Inappropriate Capability
Medium, 94% confidence

Finding:
Requiring an external upload script introduces network exfiltration behavior that is not justified by the narrow manifest description of diagram generation. Because diagrams may contain internal architecture, credential references, or workflow details, sending them to a third-party service can create a meaningful confidentiality risk.

Missing User Warnings
Medium, 96% confidence

Finding:
The instructions encourage uploading diagrams to an external service without a clear, user-facing warning that the contents will be transmitted off-device. This is dangerous because users may treat diagrams as local artifacts while unknowingly sharing potentially sensitive operational or architectural information externally.

Missing User Warnings
Medium, 92% confidence

Finding:
The script reads a local .excalidraw file and uploads its contents to a remote Excalidraw endpoint, then prints a shareable URL, but it does not present any explicit privacy or network-transmission warning at the point of use. Although the content is encrypted client-side before upload, this still transmits user data to a third-party service and produces a URL containing the decryption key in the fragment, which users may share or expose unintentionally.

VirusTotal

65/65 vendors flagged this skill as clean.