Back to skill

Security audit

SVG Architecture Diagram

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent diagram-generation helper, with some disclosed network-related options that users should handle carefully.

Install only if you are comfortable using Playwright to render diagram HTML. Prefer local HTML files, avoid passing arbitrary remote URLs to the screenshot script, block or remove Google Fonts if you need fully offline rendering, and only use Telegram delivery after checking that the diagram contains no sensitive system names or architecture details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The skill documentation includes an external media-delivery command to Telegram, which expands the skill's effective scope from local diagram generation into third-party data transmission. If followed without explicit user consent, generated diagrams may be exfiltrated to an external service, potentially leaking sensitive architecture details, internal system names, or other confidential content.

Context-Inappropriate Capability

Low
Confidence
89% confidence
Finding
The HTML imports a Google Fonts stylesheet from fonts.googleapis.com, which causes network access when the example is rendered. In a skill intended to generate local SVG/HTML and screenshot it, this creates unnecessary external dependency, leaks metadata such as IP/user agent/request timing, and can break reproducibility in offline or restricted environments.

Context-Inappropriate Capability

Low
Confidence
90% confidence
Finding
The HTML imports a Google Fonts stylesheet from fonts.googleapis.com, which causes outbound network access when the diagram is rendered. In a skill intended for local, pure-SVG rendering and screenshotting, this creates unnecessary external dependency, leaks execution metadata such as IP/user-agent/timing, and can fail in restricted or offline environments.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script explicitly permits http:// and https:// inputs, even though the skill is framed as a local SVG/HTML-to-screenshot utility. Allowing remote navigation causes the Playwright browser to contact arbitrary external hosts, which expands the tool from local rendering into a general web-fetching capability and can expose the runtime to SSRF-like access, unexpected tracking, or retrieval of untrusted active content.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Passing arbitrary URLs into page.goto gives this diagram utility an unnecessary remote browsing capability unrelated to its stated purpose. In an agent/tooling environment, that broadens attack surface significantly because untrusted input can cause outbound requests, load hostile pages in a browser context, and potentially interact with internal or authenticated network resources reachable from the host.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explicitly instructs use of a command that can send media to Telegram without any warning or consent check around external transmission. In the context of architecture diagrams, this is risky because such diagrams often contain sensitive infrastructure relationships, service names, and topology details that should not be shared off-platform by default.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code allows remote URL input without any explicit notice that execution will contact external hosts when rendering. In this skill context, users reasonably expect local diagram screenshotting, so silent network access is a meaningful security and privacy issue and makes the behavior more dangerous because it is surprising and easy to misuse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.