Mindmap Generator

Security checks across malware telemetry and agentic risk

Overview

The skill does what it advertises, but it can send private conversation, calendar, memory, and meeting-note content to Telegram without a clear per-send consent or local-only option.

Install only if you are comfortable sending generated mindmaps, including possible meeting notes, priorities, calendar-derived context, or memory-derived context, through Telegram. Use a dedicated Telegram bot token limited to the intended chat, verify chat_id carefully, avoid regulated or confidential material unless Telegram is approved for that use, and prefer preinstalling a pinned Mermaid CLI instead of relying on runtime npx installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium (96% confidence)

The script falls back to `npx -y @mermaid-js/mermaid-cli`, which can download and immediately execute code from the network at runtime. That behavior exceeds the core need of rendering a mindmap image and creates supply-chain and unexpected network-execution risk, especially if the package version changes or a compromised dependency is served.

Missing User Warnings

Medium (93% confidence)

The README explicitly states that generated mindmaps are delivered through Telegram, which means conversation content, goals, decisions, or meeting notes may be transmitted to an external third-party service. Because the documentation does not clearly warn about this data flow, privacy implications, or data sensitivity, users may unknowingly send confidential information off-platform.

Missing User Warnings

Medium (93% confidence)

The skill instructs the agent to transmit a rendered image based on conversation, memory, or meeting-note content to Telegram without an explicit warning or consent step. This is dangerous because mindmaps may condense sensitive personal, business, or meeting information and send it to an external messaging platform, creating privacy and data-handling risks.

Natural-Language Policy Violations

Medium (91% confidence)

The skill's 'Always send the mindmap as a PNG image in Telegram' requirement forces a specific external channel regardless of user preference or sensitivity of the content. This increases risk by removing an opportunity to keep outputs local or text-only and can cause unnecessary disclosure of confidential material to Telegram infrastructure.

Missing User Warnings

Medium (92% confidence)

The guidance explicitly encourages using memory and messages as fallback inputs for generating mindmaps, but it does not require user awareness, consent, or filtering for sensitive data. In a personal-assistant context, this can cause the agent to surface private conversations, calendar details, or stored personal information into an image or caption that the user did not expect, increasing the risk of privacy leakage.

Missing User Warnings

Medium (90% confidence)

On render failure, the script sends the raw Mermaid input to Telegram as a text message without any user confirmation or redaction. That can leak sensitive conversation notes, goals, decisions, or priorities to an external service in a way that is less obvious than the normal image-delivery path, especially because failure handling often receives less scrutiny.

Missing User Warnings

Medium (98% confidence)

The `npx -y` path performs automatic package download and execution without explicit notice or consent, so a normal render operation can unexpectedly trigger network activity and run newly fetched code. In an agent skill context, this is more dangerous because execution may occur in automation or server environments where users do not expect outbound fetches or dynamic code installation.

VirusTotal

66/66 vendors flagged this skill as clean.
