drawio-flowchart

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward draw.io flowchart generator whose local file-writing behavior matches its stated purpose.

Install only if you want the agent to create local .drawio files. When using it, ask the agent to save into your workspace or a clearly named output folder, and confirm before overwriting an existing file.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly instructs the agent to write a generated .drawio file to the workspace or a user-specified path, which is a filesystem side effect. Without constraints such as limiting writes to a safe workspace directory, requiring confirmation for arbitrary paths, or warning about overwrite risk, this can enable unintended file creation or clobbering if a user supplies a sensitive path.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal