LeaferJS — Canvas 2D Engine

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only LeaferJS skill with expected install and canvas export examples, and no evidence of hidden execution or data exfiltration.

Install only if you want LeaferJS reference guidance. Be aware that the documented export and screenshot APIs can capture canvas content, so use them deliberately when the canvas may contain private user data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: This markdown file documents exporting images, Base64 data, JSON, and taking screenshots, all of which can affect user data or privacy. Under the markdown-specific warning rule, the section lacks any caution or disclosure about what data may be captured or exported.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal