Excalidraw Render

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Excalidraw diagram skill, but its setup installs packages through npm and downloads Playwright browsers, and one older reference renderer still loads Excalidraw from a CDN at render time.

Install only if you are comfortable running npm and Playwright setup commands. Review setup.sh first, run it in an isolated environment if supply-chain controls matter, and use the root render_excalidraw.py path rather than the older reference renderer when you need offline, local-only rendering.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The renderer explicitly relies on remote JavaScript modules loaded by the HTML template, so rendering a local diagram file triggers network fetches and execution of third-party code. That is a supply-chain and integrity risk: if the remote module source is compromised or changed unexpectedly, the local rendering process executes untrusted code inside a browser context, and if it is blocked, rendering silently depends on a resource the operator never chose to trust.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
Using a full network-capable Chromium instance to render a local diagram needlessly expands the attack surface of a task that should be local-only. Combined with loading remote modules, it allows external code retrieval and browser execution while user-supplied diagram data is being processed, increasing exposure to browser-side exploitation, data exfiltration paths, and unexpected outbound requests.
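One way to close the gap this finding describes is to keep Chromium but refuse every request that would leave the machine. The following is an added example, not the skill's own code and not part of the scan output. It assumes a Python Playwright setup that opens a local HTML template; the function and file names (render_offline, the template path, the output name) are assumptions, and the URL policy is a pure function so it can be exercised without launching a browser.

```python
"""Local-only rendering policy for a Playwright/Chromium renderer.

Added example, not the skill's own code. It assumes a Python Playwright
setup that opens a local HTML template and that a local render needs nothing
beyond file://, about:, data: and blob: resources. The URL policy is a pure
function so it can be exercised without launching a browser.
"""
from pathlib import Path
from urllib.parse import urlparse

# Schemes a purely local render may use. http/https/ws/wss (and
# protocol-relative "//host/..." URLs, which parse with an empty scheme)
# are refused so a CDN-hosted module can never be fetched mid-render.
LOCAL_SCHEMES = frozenset({"file", "about", "data", "blob"})


def is_local_request(url: str) -> bool:
    """True if the request never leaves the machine."""
    return urlparse(url).scheme.lower() in LOCAL_SCHEMES


def classify_requests(urls):
    """Split request URLs into (allowed, blocked) lists for an audit log."""
    allowed, blocked = [], []
    for url in urls:
        (allowed if is_local_request(url) else blocked).append(url)
    return allowed, blocked


def render_offline(template_path: str, output_png: str):
    """Render a local template with every non-local request aborted.

    Returns the list of URLs that were blocked, so a non-empty result is
    itself a finding: the template tried to reach the network. Playwright is
    imported lazily so the policy above works without it installed.
    Function and file names here are assumptions, not the skill's API.
    """
    from playwright.sync_api import sync_playwright  # assumption: installed by setup

    blocked = []

    def deny_remote(route, request):
        if is_local_request(request.url):
            route.continue_()
        else:
            blocked.append(request.url)
            route.abort()

    with sync_playwright() as pw:
        browser = pw.chromium.launch()
        page = browser.new_page()
        page.route("**/*", deny_remote)  # install the filter before navigating
        page.goto(Path(template_path).resolve().as_uri())
        page.screenshot(path=output_png)
        browser.close()
    return blocked


if __name__ == "__main__":
    # Constructed sample of what a CDN-loading template would request.
    sample = [
        "file:///tmp/skill/render.html",
        "https://cdn.example.invalid/excalidraw.production.min.js",
        "//cdn.example.invalid/fonts.css",
        "data:image/png;base64,iVBORw0KGgo=",
    ]
    ok, denied = classify_requests(sample)
    print("allowed:", ok)
    print("blocked:", denied)
```

A renderer wired this way fails closed: the older reference template that imports Excalidraw from a CDN produces a blank or partial render plus a non-empty blocked list, which is the signal to switch to the local render_excalidraw.py path rather than to loosen the policy.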

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The setup script attempts a global npm installation of @swiftlysingh/excalidraw-cli, which modifies the host environment outside the skill directory and can affect other projects or users on the system. This appears intended for convenience rather than abuse, but a global install widens the trust boundary: if the package or its install scripts are compromised, the damage is system-wide rather than confined to the skill.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The invocation text is broad enough to trigger on many generic requests about diagrams, workflows, or visualization, so the skill can activate outside its narrow intended scope. Over-broad routing raises the chance that the agent runs local tools and setup steps unnecessarily, which expands the attack surface and creates opportunities for prompt or skill misuse.

Missing User Warnings

Severity: Low
Confidence: 83%
Finding
The code waits for an ES module imported from an external source, but the script's interface and help text do not disclose that rendering depends on network access and third-party code delivery. This is a genuine security-quality issue: operators may assume fully local rendering and run the skill in environments where outbound access, reproducibility, or supply-chain controls matter.
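The three findings above (remote modules in the HTML template, the global npm install in setup.sh, and the undisclosed network dependency) can all be surfaced before installation with a static pass over the skill directory, which is the "review setup.sh first" step from the overview made mechanical. The following is an added example, not SkillSpector's scanner and not the skill's own code. It builds a constructed sample layout (file names other than setup.sh are assumptions) and flags remote script or module loads in HTML/JS files and global package installs in shell scripts.

```python
"""Pre-install audit for an agent skill directory.

Added example (not the skill's or SkillSpector's code). It flags two things
the findings describe: HTML/JS files that load JavaScript from a remote
origin, and shell scripts that run a global package install. The sample
layout written by build_sample_skill is constructed for the demo.
"""
import re
import tempfile
from pathlib import Path

# <script src="https://..."> , import x from "https://..." , import("https://...")
# Protocol-relative "//host/..." counts too. Broad on purpose: an audit should
# over-report and leave the judgement to a human reviewer.
REMOTE_SCRIPT_RE = re.compile(
    r"""(?:<script[^>]*\ssrc\s*=\s*["']|\bimport\b[^;"']*["']|\bimport\s*\(\s*["'])"""
    r"""(?:https?:)?//[^"']+""",
    re.IGNORECASE,
)
# npm install -g / npm i --global, yarn global add, pnpm add -g (whole line kept).
GLOBAL_INSTALL_RE = re.compile(
    r"\b(?:npm\s+(?:install|i|add)\b[^\n]*\s(?:-g|--global)\b[^\n]*"
    r"|yarn\s+global\s+add\b[^\n]*"
    r"|pnpm\s+(?:add|install|i)\b[^\n]*\s(?:-g|--global)\b[^\n]*)"
)
SCRIPT_SUFFIXES = {".html", ".htm", ".js", ".mjs", ".ts"}
SHELL_SUFFIXES = {".sh", ".bash"}


def _line_of(text: str, offset: int) -> int:
    return text.count("\n", 0, offset) + 1


def audit_skill_dir(root) -> list:
    """Walk the skill directory and return a list of finding dicts."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        rel = path.relative_to(root).as_posix()
        suffix = path.suffix.lower()
        if suffix in SCRIPT_SUFFIXES:
            pattern, kind = REMOTE_SCRIPT_RE, "remote_script"
        elif suffix in SHELL_SUFFIXES:
            pattern, kind = GLOBAL_INSTALL_RE, "global_install"
        else:
            continue
        for m in pattern.finditer(text):
            findings.append({"file": rel, "line": _line_of(text, m.start()),
                             "kind": kind, "evidence": m.group(0).strip()})
    return findings


def build_sample_skill(dest) -> Path:
    """Write a constructed skill layout (not the real skill's files)."""
    dest = Path(dest)
    (dest / "reference").mkdir(parents=True, exist_ok=True)
    # Older reference renderer: loads Excalidraw from a remote origin.
    (dest / "reference" / "render.html").write_text(
        '<!doctype html>\n<script type="module">\n'
        'import { exportToBlob } from "https://cdn.example.invalid/excalidraw.js";\n'
        "</script>\n", encoding="utf-8")
    # Local renderer template: vendored script, should not be flagged.
    (dest / "local.html").write_text(
        '<script src="./vendor/excalidraw.js"></script>\n', encoding="utf-8")
    (dest / "setup.sh").write_text(
        "#!/bin/sh\nset -e\nnpm install -g @swiftlysingh/excalidraw-cli\n"
        "pip install playwright\nplaywright install chromium\n", encoding="utf-8")
    return dest


def run_demo() -> list:
    """Audit the constructed sample in a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_skill(tmp)
        return audit_skill_dir(tmp)


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f['kind']:15} {f['file']}:{f['line']}  {f['evidence']}")
```

Run against the real skill checkout, a non-empty result is the list of things to read before deciding whether to install; the vendored local.html case shows the check does not fire on templates that ship their own JavaScript.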

VirusTotal

65/65 vendors flagged this skill as clean.
