Security audit

Mermaid Renderer

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Mermaid diagram renderer, with a disclosed but privacy-relevant image export/upload mode.

Install this if you need Mermaid rendering and are comfortable with local Python rendering tools. Use terminal ASCII mode for sensitive diagrams, and only request PNG export when you are comfortable with creating a local image and the documented BOS upload behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation describes shell-capable execution paths (`python3.11 -m termaid` and `scripts/render.py`) but does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users and the platform may not realize the skill can execute local commands, increasing the risk of unintended code execution pathways or insufficient review.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The image-export trigger includes broad everyday terms such as '导出' ("export") and '保存为文件' ("save as file"), which can cause the skill to switch from harmless terminal rendering into file-writing/upload behavior without sufficiently explicit user consent. That ambiguity increases the chance of unintended side effects, especially when the export path also involves creating PNG files and uploading them externally.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill states that image mode will generate a PNG file and upload it to BOS, but it does not clearly warn the user about file creation or external data transfer. This is dangerous because Mermaid diagrams may contain sensitive business logic, architecture, or identifiers, and users may unknowingly cause that content to be persisted locally and exfiltrated to remote storage.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.