
Security audit

Brand Kit

Security checks across malware telemetry and agentic risk

Overview

This skill is a brand-asset generator whose behaviour is disclosed up front: it runs local rendering scripts and embeds business contact details in the expected deliverables. Its cleanup commands warrant some caution from users.

Install only if you want an agent to generate and modify brand-asset files in a project directory. Review the business contact information before generation, point EDGE at a trusted Edge executable if you set it, and confirm that any cleanup or rm command targets only generated assets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Tainted flow: 'cmd' from os.environ.get (line 125, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
"--default-background-color=00000000", url
        ]
        try:
            subprocess.run(cmd, capture_output=True, timeout=timeout)
        except subprocess.TimeoutExpired:
            continue
        if os.path.exists(png_path) and os.path.getsize(png_path) > 0:
Confidence
91% confidence
Finding
subprocess.run(cmd, capture_output=True, timeout=timeout)

Tainted flow: 'cmd' from os.environ.get (line 508, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
"--default-background-color=00000000",
                        "file:///" + html_path.replace("\\", "/")
                    ]
                    subprocess.run(cmd, capture_output=True, timeout=t)
                    if os.path.exists(out_png) and os.path.getsize(out_png) > 0:
                        print("    OK: %s (%dx%d, %dB)" % (
                            fname, render_w, render_h, os.path.getsize(out_png)))
Confidence
91% confidence
Finding
subprocess.run(cmd, capture_output=True, timeout=t)
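Both tainted-flow findings above describe the same pattern: the browser path is read from the environment and placed at the head of the argv list handed to subprocess.run. Because cmd is a list, this is not shell injection; the exposure is that whoever controls the environment chooses which binary the agent executes. The Python below is an added example, not the skill's own code, showing how a renderer can validate that value before running it. It assumes the variable is named EDGE (as the overview suggests); the allow-listed binary names and the Edge flags are illustrative assumptions rather than values taken from the skill.

```python
"""Validate the Edge binary taken from the environment before executing it.

Added example, not code from the Brand Kit skill. Assumes the skill reads the
browser path from an environment variable named EDGE (as the overview
suggests); the allow-list of binary names and the Edge flags below are
illustrative assumptions, not values taken from the skill.
"""
import os
import shutil
import subprocess
from pathlib import Path

# Basenames we are willing to execute. Anything else coming from the
# environment is refused rather than run.
ALLOWED_BASENAMES = {"msedge", "msedge.exe", "microsoft-edge", "microsoft-edge-stable"}


class UntrustedBinaryError(ValueError):
    """Raised when EDGE does not name an acceptable executable."""


def resolve_edge(env=None, which=shutil.which):
    """Return an absolute, validated path to the Edge executable.

    The environment value is treated as untrusted input: it must be an
    absolute path to an existing, executable regular file whose basename is
    on the allow-list. Symlinks are resolved so the path that is logged and
    executed is the real target. With no EDGE set, fall back to a PATH lookup
    of the allow-listed names only.
    """
    env = os.environ if env is None else env
    candidate = env.get("EDGE")
    if candidate:
        path = Path(candidate).expanduser()
        if not path.is_absolute():
            raise UntrustedBinaryError("EDGE must be an absolute path, got %r" % candidate)
        real = path.resolve()
        if not real.is_file():
            raise UntrustedBinaryError("EDGE does not point at a regular file: %r" % candidate)
        if real.name.lower() not in ALLOWED_BASENAMES:
            raise UntrustedBinaryError("EDGE basename %r is not an allowed Edge binary" % real.name)
        if not os.access(real, os.X_OK):
            raise UntrustedBinaryError("EDGE is not executable: %r" % str(real))
        return str(real)
    for name in sorted(ALLOWED_BASENAMES):
        found = which(name)
        if found:
            return str(Path(found).resolve())
    raise UntrustedBinaryError("no Edge binary found; set EDGE to an absolute path")


def build_render_cmd(edge, svg_path, png_path, width, height):
    """Build the argv list. Paths are separate list items, so no shell parses them."""
    return [
        edge,
        "--headless=new",
        "--disable-gpu",
        "--window-size=%d,%d" % (width, height),
        "--screenshot=%s" % png_path,
        "--default-background-color=00000000",
        Path(svg_path).resolve().as_uri(),
    ]


def render(svg_path, png_path, width, height, timeout=120, env=None):
    """Render one SVG; returns True if a non-empty PNG was produced."""
    cmd = build_render_cmd(resolve_edge(env), svg_path, png_path, width, height)
    try:
        subprocess.run(cmd, capture_output=True, timeout=timeout, check=False)
    except subprocess.TimeoutExpired:
        return False
    return os.path.exists(png_path) and os.path.getsize(png_path) > 0
```

The check raises the bar rather than closing the hole: an attacker who can already set EDGE can still point it at a malicious file named msedge, but they must now place an executable with an allow-listed name on disk, and the resolved real path is what gets executed and can be logged.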

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill explicitly instructs the agent to read files, write files, inspect environment variables, and execute local scripts and shell-like operations, yet it declares no permissions or trust boundaries. This creates a capability/permission mismatch: a host may load the skill assuming it is documentation-only, while the skill actually drives filesystem and command execution behavior that could modify data, access sensitive paths, or invoke external binaries such as Edge.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly collects personal information such as name, phone, email, website, and address, then later performs bulk injection of that real information into generated SVG assets. Without a clear privacy notice, consent boundary, minimization rule, or handling guidance, users may provide sensitive data that is unnecessarily replicated across many files and exposed in deliverables or intermediate artifacts.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The documented workflow includes deleting auxiliary files and copying outputs into Downloads without any user-facing warning, confirmation, or scope limitation. In an automated agent context, destructive cleanup and filesystem writes can remove useful artifacts or place sensitive branded materials in unintended locations, increasing the chance of data loss or disclosure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The exemplar explicitly tells the operator to delete existing PNG files before rerendering (`rm` the old PNG) to force regeneration, but provides no safety checks, path constraints, backup guidance, or confirmation step. In an agent skill context, operational instructions that normalize destructive deletion can cause accidental data loss if the wrong directory, glob, or target set is used, especially when followed mechanically by automation.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- **Constraints**:
  - Render dimensions are computed automatically from the viewBox (landscape 600×240, portrait 400×480, icon only 480×480, trademark 945×945, business card 1800×1080, and so on)
  - Walk the directories 02_商标注册 through 09_多媒体模板 (trademark registration through multimedia templates), skipping 01_核心标志 (core logo; already handled by render_svg_to_png.py)
  - **Forced-refresh rule for incremental rendering**: a PNG that already exists is skipped automatically (incremental rendering), but after an SVG's content changes the old PNG must first be deleted with `rm` and then re-rendered, otherwise the stale PNG continues to be shown. Scenarios where a forced refresh is mandatory: brand copy changes, personal-information replacement, colour/gradient adjustments, shape/layout modifications. Procedure: `rm <same name as the SVG>.png` → `python render_svg_to_png.py . --all --timeout 120`
  - After an Edge headless timeout, automatically fall back to retrying in `--headless` mode
- **Format**: PNG files (30 VI-system + brand-guideline + extended-application PNGs)
- **Tools**: `scripts/render_svg_to_png.py --all` (one-stop) or the `render_batch_svg()` function
Confidence
88% confidence
Finding
rm` to delete the old PNG and then re-render, otherwise the stale PNG continues to be shown. Scenarios where a forced refresh is mandatory: brand copy changes, personal-information replacement, colour/gradient adjustments, shape/
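The three cleanup-related findings above (the undocumented deletion and copy-to-Downloads step, the `rm` exemplar, and the forced-refresh rule that tells the operator to delete PNGs before re-rendering) all call for the same control: deletion limited to generated PNGs whose SVG source has actually changed, inside the project tree, with nothing else eligible. The Python below is an added example of such a scoped refresh, not the skill's render_svg_to_png.py. The directory names follow the skill's layout quoted above; the project tree built in demo() is constructed for this example.

```python
"""Scoped, stale-only refresh of rendered PNGs.

Added example, not the skill's render_svg_to_png.py. Only a PNG that sits
beside a same-named SVG, inside the project root, outside the skipped
directories, and that is older than that SVG is ever deleted. Hand-made PNGs,
symlinks and anything outside the root are never touched. Directory names
follow the skill's layout; the fixture in demo() is constructed for this
example.
"""
import os
import tempfile
from pathlib import Path

# 01_核心标志 is rendered by a different step in the skill, so it is skipped here.
DEFAULT_SKIP_DIRS = ("01_核心标志",)


def is_within(root, path):
    """True if path, after resolving symlinks, lies under root."""
    try:
        Path(path).resolve().relative_to(Path(root).resolve())
        return True
    except ValueError:
        return False


def find_stale_pngs(root, skip_dirs=DEFAULT_SKIP_DIRS):
    """Return PNGs whose sibling SVG has been modified more recently than they were."""
    root = Path(root).resolve()
    stale = []
    for png in sorted(root.rglob("*.png")):
        parents = png.relative_to(root).parts[:-1]
        if any(part in skip_dirs for part in parents):
            continue
        if png.is_symlink() or not is_within(root, png):
            continue
        svg = png.with_suffix(".svg")
        if not svg.is_file():
            continue  # no SVG source: not something this pipeline generated
        if svg.stat().st_mtime > png.stat().st_mtime:
            stale.append(png)
    return stale


def refresh_plan(root, skip_dirs=DEFAULT_SKIP_DIRS, apply=False):
    """List stale PNGs; delete them only when apply=True. Returns their paths."""
    stale = find_stale_pngs(root, skip_dirs)
    if apply:
        for png in stale:
            png.unlink()
    return [str(p) for p in stale]


def _write(path, mtime):
    path.write_bytes(b"x")
    os.utime(path, (mtime, mtime))


def demo():
    """Constructed project tree exercising each rule once; returns what happened."""
    with tempfile.TemporaryDirectory() as tmp, tempfile.TemporaryDirectory() as elsewhere:
        root = Path(tmp).resolve()
        core, marks = root / "01_核心标志", root / "02_商标注册"
        core.mkdir()
        marks.mkdir()
        _write(marks / "mark.svg", 2000)    # SVG edited after render -> stale
        _write(marks / "mark.png", 1000)
        _write(marks / "card.svg", 1000)    # render newer than SVG -> fresh
        _write(marks / "card.png", 2000)
        _write(marks / "photo.png", 1000)   # no SVG source -> never a candidate
        _write(core / "logo.svg", 2000)     # stale, but in a skipped directory
        _write(core / "logo.png", 1000)
        external = Path(elsewhere).resolve() / "ext.png"
        _write(external, 1000)              # symlink target outside the project
        _write(marks / "ext.svg", 2000)
        (marks / "ext.png").symlink_to(external)
        deleted = refresh_plan(root, apply=True)
        return {
            "deleted": sorted(Path(p).relative_to(root).as_posix() for p in deleted),
            "remaining": sorted(p.relative_to(root).as_posix() for p in root.rglob("*.png")),
            "external_intact": external.exists(),
        }
```

Because refresh_plan defaults to apply=False, an agent following the workflow can print the plan for the user to confirm and only then re-run with apply=True, which is the confirmation step the findings say the skill lacks.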

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.