Back to skill

Security audit

HandDraw Skill

Security checks across malware telemetry and agentic risk

Overview

This skill coherently renders local SVG-based videos, with disclosed optional Edge TTS network narration, but users should avoid sensitive narration and untrusted SVG assets.

Install only if you are comfortable with npm/Python dependencies and FFmpeg. Treat narration as remote processing by Edge TTS, so avoid private or regulated text unless that is acceptable. Use trusted local SVG assets only; do not render third-party project files or SVGs without reviewing them first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The function explicitly uses Edge TTS, which sends narration text to an external online service. In a skill marketed as deterministic JSON-to-video generation, this introduces undeclared nondeterminism, privacy exposure, and dependency on a remote provider for user content.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The renderer injects object.assetContent directly into the DOM with dangerouslySetInnerHTML, allowing untrusted SVG/HTML to execute in the browser context. In a skill that claims deterministic rendering from a JSON animation DSL, this broadens the attack surface substantially because embedded SVG can carry scriptable or active content, event handlers, external references, and markup that breaks isolation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Narration clip text is passed directly to a network-based TTS provider without any visible consent, warning, or data-classification guard in this file. If users include sensitive text, the skill may exfiltrate that content to a third party unexpectedly.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
When narration is present, the CLI sends project.audio.narration text to synthesizeEdgeNarration, which implies transmission of user-provided content to an external Edge TTS service. This creates a real data-exposure/privacy risk because potentially sensitive project text leaves the local environment without any explicit consent, warning, or opt-in in this interface.

Unvalidated Output Injection

High
Category
Output Handling
Content
const visibleText = characters.slice(0, Math.ceil(characters.length * writeProgress)).join("");
    return <div style={{ ...style, width: object.width ?? 1200, height: "auto", fontFamily: narrative ? "Kaiti SC, STKaiti, KaiTi, serif" : "PingFang SC, Microsoft YaHei, sans-serif", fontWeight: narrative ? 500 : 700, fontSize: object.height ?? 48, lineHeight: 1.48, letterSpacing: narrative ? "0.08em" : "0.045em", color: narrative ? "#1c1917" : "#172033", textShadow: narrative ? "0.4px 0.4px 0 #a8a29e" : "0.8px 0.8px 0 #dbe3eb", whiteSpace: "pre-wrap" }}>{visibleText}</div>;
  }
  return <><div style={style} className="handdraw-svg" dangerouslySetInnerHTML={{ __html: object.assetContent ?? "" }} />{!narrative && <DrawingHand object={object} progress={draw} />}</>;
}

function SceneLayer({ scene, time, opacity, narrative }: { scene: PreparedProject["scenes"][number]; time: number; opacity: number; narrative: boolean }) {
Confidence
99% confidence
Finding
dangerouslySetInnerHTML={

Unpinned Dependencies

Low
Category
Supply Chain
Content
edge-tts>=7.2.0
Confidence
96% confidence
Finding
edge-tts>=7.2.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/check-environment.mjs:13

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/handdraw.mjs:14