TeX Render

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed LaTeX-to-image renderer with local file-output risks, but the artifacts do not show hidden, deceptive, exfiltrating, or destructive behavior.

Install this only if you want LaTeX in replies to be automatically rendered as images. Use the default output directory unless you intentionally choose another location, do not pass untrusted output paths, and review the npm dependency chain before running npm install.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers (Medium)

Confidence: 88%
Finding: The README instructs agents to invoke the skill automatically whenever a reply would contain LaTeX, without requiring user intent, cost/benefit checks, or scope limits. This can cause unnecessary tool execution and file generation on ordinary math/science responses, expanding attack surface and enabling prompt-triggered resource consumption or unintended side effects.

Vague Triggers (Low)

Confidence: 81%
Finding: The example guidance says to use tex-render automatically for scientific or math questions and to avoid raw LaTeX, but it does not define exceptions or boundaries. Ambiguous trigger examples increase the chance that the agent over-applies the skill, leading to unnecessary command execution, output generation, and inconsistent behavior across benign prompts.

Vague Triggers (Medium)

Confidence: 93%
Finding: The automatic-trigger instructions are broad enough to activate on many ordinary math or science responses, causing the agent to invoke code and generate files even when the user did not request that behavior. This increases the chance of unnecessary tool execution, unintended file generation, and behavior that surprises the user, especially in environments where tool use should be minimized or explicitly consented to.

Natural-Language Policy Violations (Medium)

Confidence: 95%
Finding: The skill explicitly forbids asking for permission and requires automatic rendering and sending of images, removing user control over output format and forcing tool execution. In a tool-enabled agent, this can lead to unwanted file creation, higher operational risk, and reduced transparency, because the agent is instructed to act without confirming user preferences at the moment of use.

Autonomous Decision Making (Medium)

Category: Excessive Agency
Content:
Renders LaTeX math to PNG, JPEG, WebP, or AVIF (and SVG). Use when you need a **viewable image** from LaTeX instead of raw code.

**User notice:** When this skill is active, the agent will **automatically** render any LaTeX in its replies as images and send them in order—without asking for permission. If you prefer to be prompted or to receive raw LaTeX instead, do not enable this skill (or remove it from your workspace).

## Location
Confidence: 88%
Finding: without asking

VirusTotal

66/66 vendors flagged this skill as clean.