Security audit

Social Media Cover Generator

Security checks across malware telemetry and agentic risk

Overview

This skill coherently creates social media cover images, but it uses a local headless browser and an external JavaScript library during conversion.

Install only if you are comfortable with a Node/Puppeteer workflow that creates local files, launches Chromium, and loads snapdom from unpkg during rendering. Use it on generated or trusted HTML, avoid sensitive working directories, and prefer vendoring or pinning snapdom plus preserving browser sandboxing in higher-security environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill requires generated HTML to load snapdom from unpkg.com at render time, which introduces unnecessary external network access and a third-party supply-chain dependency into what should be a local HTML-to-PNG workflow. If the CDN content changes, is compromised, or is blocked, rendering behavior can become unsafe or unreliable, and the headless browser may execute untrusted remote JavaScript during conversion.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The script launches Chromium with `--no-sandbox` and `--disable-setuid-sandbox`, removing an important isolation boundary while rendering potentially attacker-controlled local HTML. Because the tool loads arbitrary HTML and waits for network activity to finish, any browser exploit or unsafe page behavior executes with reduced containment, making compromise of the host process significantly more serious.

Missing User Warnings

Medium
Confidence: 88%
Finding
The workflow instructs the agent to save generated HTML into the working directory without specifying safe file-handling rules, collision checks, or overwrite protections. In an automated agent context, this can lead to accidental overwriting of existing files, unintended persistence of sensitive content, or writing files into directories the user did not explicitly approve.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill directs execution of a Node.js script via `node scripts/html2png.js`, which means the agent is instructed to run local code and spawn a rendering pipeline without clear user-facing consent or disclosure. In a security-sensitive environment, hidden code execution is risky because the script and its dependencies could perform unexpected filesystem, network, or subprocess actions beyond simple image conversion.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.