Security audit

Canvs.io whiteboard

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill coherently helps an agent create and edit Canvs.io whiteboards, with no hidden code, persistence, credential use, or unrelated access.

Install this if you want an agent to create and edit collaborative Canvs.io whiteboards. Treat canvas contents and generated room links as shareable third-party service data, and avoid putting sensitive information in a board unless you understand Canvs.io sharing and privacy settings.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The skill advertises itself for very broad user intents like drawing, sketching, or visualizing anything, which can cause it to be selected for a wide range of otherwise unrelated requests. Over-broad invocation increases the chance of unnecessary third-party tool use and data exposure to Canvs when a more specific or local capability would suffice.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal