ClawHub

Natural Language to SVG Vector Graphic Code

Security checks across malware telemetry and agentic risk

Overview

This skill is a Markdown-only guide for generating standalone SVG code, with no evidence of hidden execution, data access, persistence, or exfiltration.

Reasonable to install for SVG drafting. As with any generated SVG, review the output before embedding it in a website or app, especially if you later add scripts, external links, fonts, or images.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Hidden Instructions

High
Category
Prompt Injection
Content
```svg
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 300" width="100%" height="100%">
  <!-- content -->
</svg>
```
Confidence
70% confidence
Finding
<!-- content --> </svg> ``` - **Must include** `viewBox`, prefer square viewports (e.g., `100 100` or `400 400`) - **Always declare** `xmlns` namespace - **No external resources** (fonts/images), use

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal