Md2mindmap

Security checks across malware telemetry and agentic risk

Overview

This is a normal Markdown-to-mind-map converter, but its generated HTML depends on third-party CDN scripts and PDF export uses Playwright/Chromium.

Install only if you are comfortable with a local converter that writes HTML/PDF files and whose HTML loads JavaScript/CSS from unpkg. Avoid using it for highly sensitive Markdown unless you vendor the assets locally or review the generated HTML first. Treat the publisher as the listed author rather than relying on the stray documentation footer that says OpenClaw Team.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

MCP Least Privilege

Medium
Confidence
93% confidence
Finding
The skill metadata declares required binaries and Python packages, and the usage clearly performs file input and output, but it does not declare permissions for reading input files and writing HTML/PDF outputs. That mismatch can mislead users and policy engines about what the skill actually does, reducing transparency and potentially allowing unintended access to local files or overwriting output paths.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The generated HTML loads JavaScript and CSS from external CDNs at runtime, so opening the output causes network access to third-party infrastructure and executes remotely supplied code in the browser. That creates supply-chain and privacy risk, and in the PDF path those scripts are also loaded by Playwright, extending trust to external resources for a local conversion tool.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
PDF generation launches a full Chromium instance and opens the generated HTML, which includes active JavaScript and remote dependencies. Rendering attacker-controlled markdown-derived content in a browser engine increases attack surface versus a pure text transformation tool, especially if the browser can access the network or local files during rendering.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The HTML loads JavaScript and CSS from third-party CDNs at runtime, which introduces a supply-chain and privacy risk for what is essentially a local document-rendering tool. If the CDN content is tampered with, unavailable, or blocked, the generated file can execute untrusted code or fail unexpectedly when opened.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Requiring outbound network access to third-party CDNs is not justified by the core function of converting markdown into a mindmap document, and it creates unnecessary exposure of user environment metadata plus dependency on remote code execution in the browser. In a document conversion context, users generally expect the output to be self-contained and safe to open offline.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The documentation advertises PDF generation but omits that this likely uses browser automation via Playwright/Chromium and writes output files to disk. This is primarily a transparency and safety issue: users may not realize that a browser engine is launched and that files may be created or overwritten, which can cause unexpected side effects in restricted or sensitive environments.

VirusTotal

63/63 vendors flagged this skill as clean.
