Security audit

Infocard Skills

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed HTML card and screenshot helper, with a privacy caveat that rendered cards may contact Google Fonts.

Reasonable to install if you are comfortable with generated cards contacting Google Fonts during rendering. For confidential, unpublished, or offline-only content, remove the font import or use bundled/system fonts before capturing screenshots.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Low (90% confidence)

Finding:
The template loads Google Fonts from an external domain, which creates an unnecessary outbound network dependency for a local HTML/card rendering asset. In a screenshot-generation skill, this can leak execution metadata such as IP address, timing, and usage patterns to a third party, and it also introduces availability and supply-chain risk if the remote resource changes or becomes unavailable.

Context-Inappropriate Capability

Low (88% confidence)

Finding:
This finding is substantively the same issue: the card template has network-capable behavior through third-party font loading that is not necessary to fulfill its core function. In the context of generating screenshots from user-provided content, unnecessary egress expands the attack surface and may expose rendering activity to external services.

Missing User Warnings

Low (92% confidence)

Finding:
The skill instructs loading Google Fonts from the network during rendering, which causes external requests and leaks usage metadata such as IP address, timing, and potentially document-related context through referrer or environment behavior. In screenshot-generation workflows that may process sensitive or unpublished content, silent outbound requests weaken privacy guarantees and can violate offline or restricted-network expectations.

VirusTotal

64/64 vendors flagged this skill as clean.
