Back to skill

Security audit

Canvas Poster

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate local poster/dashboard PNG generator, with the main caution that it can write generated images to caller-provided file paths.

Install this only where a local PNG-generating skill is intended. Use explicit safe output paths, avoid letting untrusted input choose filenames or directories, and review generated business or financial content before sharing it externally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The README explicitly advertises very broad activation phrases such as "generate a poster", "create a dashboard", and "make an infographic", which can overlap with many ordinary user requests and cause the skill to be invoked outside narrowly intended contexts. In an agent environment, overly broad triggers increase the chance of inappropriate routing, accidental execution on untrusted input, and expansion of the skill's attack surface even if the package itself is not overtly malicious.

Vague Triggers

Medium
Confidence
89% confidence
Finding
README 将 Skill 的触发语写得较宽泛,如“生成海报”“做看板”“生成长图”,这些短语容易与普通对话或其他绘图/报告需求重叠,可能导致被自动错误调用。由于该 Skill 会生成图像并可能写入文件,误触发会放大不必要的工具执行、资源消耗和文件落地风险。

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger phrases are broad enough to match many ordinary requests about posters, dashboards, long images, and chart generation, which can cause this skill to activate in contexts where a more specific or safer skill should handle the request. In an agent system, over-broad routing can expose internal capabilities unexpectedly, increase unintended data flow into the skill, and create confusion or misuse through incorrect tool selection.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The README advertises very broad natural-language triggers such as 'generate a poster', 'create a dashboard', and 'make an infographic' for automatic skill activation. These phrases can easily overlap with ordinary user requests, causing the skill to be invoked when the user did not explicitly intend to use this package, which increases the risk of prompt/skill routing confusion and unintended file generation or processing.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The README states broad trigger phrases like '生成海报', '做看板', '生成长图', and similar generic visualization requests will automatically invoke the skill. In an agent environment, overly broad activation conditions can cause the skill to run in unintended contexts, increasing the chance of unexpected file generation or use as a transitive dependency by other skills without clear user intent.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases are broad generic requests such as '生成海报', '做看板', and '生成图表', which can match many unrelated user intents and cause this skill to be invoked unexpectedly. In an agent setting, over-broad routing increases the chance of unintended file generation or downstream actions being performed in the wrong context, especially because this skill can also be called by other skills as a dependency.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The documentation explicitly demonstrates writing image output to filesystem paths like '/tmp/my-poster.png' and '/tmp/poster.png' without warning that the skill modifies local storage. In an agent environment, silent file writes can surprise users, overwrite existing files, leak sensitive rendered content to shared temp locations, or be chained with other skills that consume those artifacts.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.