Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Vizboard

v1.0.0

Generate beautiful, self-contained HTML dashboards and visual pages — architecture diagrams, flowcharts, KPI dashboards, data tables, diff reviews, plan revi...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (HTML dashboards, diffs, diagrams) align with the skill's instructions to read the repo, run git commands, and render templates. However, there are a few mismatches: the SKILL.md hard rule says 'HTML must be fully self-contained (inline CSS/JS, no external assets)' while references/libraries.md documents using CDN-hosted Mermaid and ELK imports. Also, the skill reads agent-specific memory paths (e.g., ~/.agent/memory and ~/.pi/agent/memory), which are not obviously required by a visualization generator and could expose sensitive conversational memory.
! Instruction Scope
The SKILL.md and prompts instruct the agent to run shell/git commands (git diff, git show, gh pr diff), read many repository files, and read agent memory files in home-directory paths. They also describe saving files under ~/.agent/diagrams and copying them into the workspace to 'send' via message(action="send", filePath="./..."), then removing them. Optional behavior includes invoking a local 'surf' CLI (surf gemini --generate-image) that may call an external image-generation service. These actions are broadly consistent with a diff/plan reviewer, but they grant access to user home directories and agent memory and allow optional external network interactions — these are sensitive and not declared as explicit requirements.
Install Mechanism
Instruction-only skill with no install spec and no code files. That minimizes supply-chain risk: nothing is downloaded or written by an installer. All behavior is driven by runtime instructions and included templates, which the agent will use if invoked.
! Credentials
The skill declares no required env vars or external credentials (good), but the instructions read files under ~/.agent and ~/.pi (agent memory) and run system commands. Accessing agent memory paths is disproportionate relative to a neutral diagram generator and may expose private conversation context or stored tokens. The prompts also suggest optionally using external CDNs or an external 'surf' CLI to generate images; both could transmit content outside the user's environment if invoked. These data-access behaviors are not surfaced as explicit requirements in the metadata.
Persistence & Privilege
always:false (not force-included) and there is no install. The skill writes output to ~/.agent/diagrams and uses temporary workspace copies for sending then removes them — this is a modest, explained persistence model. It does not claim to modify other skills or system-wide config. Because the skill can be invoked autonomously by the agent (platform default), the combination of autonomous invocation + the file and memory paths accessed increases the surface for accidental disclosure; treat autonomous invocation as you would other powerful skills.
What to consider before installing
This skill mostly does what it says (reads a repo, runs git, and generates self-contained HTML reviews), but there are a few things to check before installing or enabling it:
- Privacy of agent memory: the prompts explicitly point the agent at files like ~/.agent/memory/... and ~/.pi/agent/memory/.... Those paths may contain private conversation history or other sensitive state. If you don't want the skill to read agent memory, don't enable it or remove those references from the templates.
- External calls are optional but possible: the skill will avoid external assets by policy, but references/libraries.md documents CDN usage and some prompts will call a local 'surf' CLI (surf gemini) to generate images. If 'surf' is present, it could send page content to an external image service. If you are concerned about sending repository contents externally, ensure surf is not installed or forbid the skill from invoking it.
- Conflicting guidance: SKILL.md requires 'fully self-contained' HTML, but the references include CDN snippets. If you need a guarantee of zero network contact, inspect templates and references and remove CDN imports; test the generator in an offline environment.
- File access and delivery: the skill saves to ~/.agent/diagrams and copies files into the agent workspace then runs a 'send' action. Confirm how your platform's 'message(action="send", filePath=...)' behaves (is the file uploaded to the cloud, kept local, or forwarded to third parties?). If unsure, run the skill on a non-sensitive test repo first.
- Least privilege: because the skill executes many git and file-read actions, only enable it in contexts where the agent is allowed to read the repository and home-directory memory. If you want the functionality but not memory access, edit the SKILL.md/prompts to remove any references to ~/.agent or ~/.pi paths.
If you want, I can produce a short list of edits to the SKILL.md (remove memory-path references, remove CDN examples, and add an explicit 'do not call surf' flag) so the skill is more privacy-preserving and internally consistent.

Like a lobster shell, security has layers — review code before you run it.

latest vk97943s3m15n96s0k3e86qednn84r419
