Huo15 Flow Chart

Security checks across malware telemetry and agentic risk

Overview

This appears to be a genuine diagram-generation skill, but it can automatically run unpinned Docker renderers and disable Chromium sandboxing without clear user opt-in.

Install only if you are comfortable with local renderer execution. Prefer explicitly installing trusted Mermaid CLI, PlantUML, and Graphviz versions, and avoid allowing this skill to fall back to Docker or npx in sensitive environments. Treat diagrams from untrusted sources as untrusted browser/rendering input and run the skill in a contained workspace when possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The code silently falls back to `docker run` for Mermaid rendering, which materially expands the skill's execution capabilities beyond ordinary file conversion. In an agent environment, undisclosed container execution can surprise operators, pull and run external images, and process untrusted diagram data in a way that increases supply-chain and host-exposure risk.

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
This fallback launches a PlantUML Docker container without the skill metadata disclosing that container execution may occur. In security-sensitive agent deployments, hidden execution modes are dangerous because they alter the privilege model, may fetch or run unreviewed images, and broaden the attack surface when handling attacker-controlled diagram source.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The Mermaid renderer writes a Puppeteer config that disables Chromium's sandbox (`--no-sandbox`, `--disable-setuid-sandbox`) while processing untrusted diagram input. Because Mermaid rendering is effectively browser-based content rendering, removing the sandbox substantially increases the blast radius of any browser or renderer exploit and is not a safe default in multi-tenant or agent environments.

VirusTotal

66/66 vendors flagged this skill as clean.
