Security audit

mermaid-canvas

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Mermaid diagram renderer, but it needs review because it renders user-controlled content with weak browser safeguards and can involve external services.

Install only if you are comfortable rendering diagrams through browser-based HTML that loads Mermaid from a CDN. Do not render confidential diagrams unless you can keep the workflow local, and require explicit approval before uploading to Feishu or using any remote rendering fallback.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The skill claims to provide '安全语法规范' ("safe syntax specification"), but its HTML template explicitly initializes Mermaid with `securityLevel: 'loose'`, which weakens Mermaid's built-in protections when rendering untrusted diagram content. In this skill, Mermaid code is user-provided and rendered inside a browser, so loose mode can increase exposure to script/HTML injection or unsafe link handling, making the contradiction materially dangerous rather than just documentation drift.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill advertises direct upload to Feishu but does not state that rendered outputs may be sent to an external document platform, which can lead to unintentional data disclosure. Because diagrams may contain sensitive architecture, credentials, workflows, or business data derived from user prompts, silent upload behavior creates a real confidentiality risk.

Missing User Warnings

Low
Confidence: 80%
Finding
The rendering flow loads Mermaid from a third-party CDN without warning, which introduces external network access, supply-chain exposure, and possible leakage of rendering activity/metadata. In a browser-based rendering path, fetching remote JavaScript is materially relevant to security and should be disclosed, especially for enterprise or restricted environments.

Missing User Warnings

Medium
Confidence: 93%
Finding
The fallback path transmits user-supplied Mermaid source to the external service mermaid.ink over the network, which can leak sensitive diagram content, credentials, architecture details, or internal business data embedded in diagrams. In this skill's context, Mermaid input is arbitrary user content and may easily contain confidential information, so silent third-party exfiltration is a real privacy and security risk.

VirusTotal

67/67 vendors flagged this skill as clean.
