Mysteel_ChartGeneration

Security checks across malware telemetry and agentic risk

Overview

The skill appears to generate charts, but it asks the agent to persist API keys, send chart data to an external service, and use an automatic AI-generated Python execution mode.

Install only if you are comfortable sending chart prompts and data to the provider. Do not store real API keys in project files; use a secret store or environment variable. Avoid sensitive, regulated, or proprietary datasets unless the provider is approved for them, and do not enable any automatic AI-generated Python execution unless you understand the sandbox and can review or disable it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill instructs the agent to create and populate an api_key.md file and then read that secret for outbound requests. This makes the agent handle long-lived credentials on disk, which expands the attack surface, risks accidental disclosure through logs or workspace access, and goes beyond simple chart rendering.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The documentation says the AI may infer or generate data when none is provided, which can cause fabricated content to be presented as if it were factual analysis. In a chart-generation context, this is dangerous because users may rely on invented market or business data in reports or decisions without realizing it is synthetic.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The generated HTML loads ECharts from a public CDN, which introduces external network access and a supply-chain dependency into a skill whose primary purpose is local chart rendering. If the CDN is unavailable, blocked, or serves compromised content, the generated report may fail to render or execute attacker-controlled JavaScript in the user's browser.

Vague Triggers

Medium
Confidence: 79%
Finding
The trigger condition is broad enough that ordinary requests about reports, visualization, or analysis illustrations may activate the skill unexpectedly. Because the skill can read local files and perform authenticated external calls, accidental invocation increases the chance of unintended data handling or transmission.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly reads an API key and sends it in a request header but does not provide a clear warning about credential handling, external transmission, or privacy implications of sending user data to a third-party service. That omission undermines informed consent and can lead to sensitive business data being transmitted off-platform without adequate notice.

Missing User Warnings

Medium
Confidence: 93%
Finding
The document instructs users to send a required authentication token together with task text and optional data to an external API endpoint, but provides no warning about handling secrets, sensitive business data, or third-party disclosure. In a chart-generation skill, users may submit proprietary datasets or internal metrics, so the absence of data-handling guidance increases the risk of credential leakage and unintended exfiltration.

Missing User Warnings

High
Confidence: 98%
Finding
The STRICT mode description says the AI generates Python code for data transformation and that this code is automatically executed. Automatic execution of model-generated code is a serious risk because crafted prompts or malicious data could influence generated code paths, potentially leading to remote code execution, data access, or unsafe processing if the runtime is not strongly sandboxed.

VirusTotal

58/58 vendors flagged this skill as clean.