Math Notes KaTeX

Security checks across malware telemetry and agentic risk

Overview

This skill locally renders math notes into PNG images and shows no evidence of hidden data sharing, persistence, or unrelated system access.

Install only if you need local math-note image rendering. Run it as an unprivileged user, avoid rendering notes from untrusted sources, and be aware that it starts a local browser with weakened sandboxing and local file access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The script launches a full Brave browser against attacker-controlled note content with '--no-sandbox', '--disable-setuid-sandbox', and '--allow-file-access-from-files'. Although the HTML is locally generated, KaTeX output and browser parsing still process untrusted input, so a browser or renderer bug could turn this into local file access or code execution with the privileges of the agent process. In this skill context, rendering arbitrary user-supplied notes makes the issue more dangerous because the browser is the primary parser for adversarial content, not a narrowly scoped image renderer.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation explicitly instructs operators to run headless Chromium/Brave with `--no-sandbox` and `--disable-setuid-sandbox` when executing as root, but it does not warn that this removes a major browser isolation boundary. In this skill's context, the browser renders KaTeX/HTML and also enables local file access, so disabling sandboxing can significantly increase the blast radius of any renderer or browser compromise.

VirusTotal

65/65 vendors flagged this skill as clean.
