ClawHub

EdrawMax Skills

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it sends diagram prompts to EdrawMax, downloads the returned diagram images, and saves them locally.

Install only if you are comfortable sending diagram descriptions to EdrawMax's external API. Avoid including secrets, private customer data, or confidential plans in prompts, and expect generated PNG/SVG files to be saved locally, normally under ./edrawmax_output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill clearly performs outbound network operations to EdrawMax APIs and instructs downloading remote files, yet it does not declare permissions for those capabilities. This creates a transparency and governance gap: hosts or reviewers may not realize the skill can transmit user data externally or fetch content from the internet.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill description says it generates diagrams, but the actual behavior also includes downloading remote content and saving files locally. That mismatch is dangerous because users and security controls may consent to diagram generation without realizing the skill also performs secondary network retrieval and local persistence, which expands the attack surface.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger language is broad enough to match generic requests like 'visualize a process' or 'knowledge map,' which may cause the skill to activate unexpectedly. Unintended invocation can lead to unnecessary transmission of user prompts to a third-party service and actions the user did not specifically request.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill does not clearly warn users that their natural-language prompt will be sent to an external EdrawMax API. This is a privacy and data-handling issue because users may include sensitive project, business, or personal information under the assumption processing is local.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The reference states that `user_id` is extracted from the `X-User-ID` header and shows generated assets being returned as OSS URLs, but it does not warn that user prompts and identity-linked metadata are sent to a third-party remote service and stored remotely. In an agent skill context, this can cause unintended disclosure of sensitive user content or identifiers because callers may assume processing is local or ephemeral.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal