ClawHub

Browser Canvas Poetry

Security checks across malware telemetry and agentic risk

Overview

This is a creative browser-art guidance skill with optional media and web examples, and the reviewed artifacts do not show hidden execution, credential use, persistence, or destructive behavior.

Install this if you want a Chinese-forward browser-art and creative-coding prompt skill. Review generated demos before running them, especially examples that request microphone, camera, file upload, external CDN/API, or registry access, and do not provide wallet, payment, or sensitive credentials unless a future version clearly explains why they are needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The skill content is written entirely in Chinese and defines the agent’s persona, feedback, and collaboration style without offering any user language choice or stating a justified locale restriction. This can cause user exclusion, misunderstanding of guidance, and degraded consent/clarity in interactions, especially when evaluations, emotional cues, and project feedback are central to the skill’s operation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document explicitly promotes microphone-based audio capture via `source: 'microphone'` and `audio.start()` but does not mention browser permission prompts, consent flow, data handling, or privacy implications. In a reusable component library, this omission can lead integrators to ship microphone access features without adequate user notice or safeguards, increasing privacy and trust risks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal