ClawHub
Back to skill

Security audit

EasyEDA Schematic

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate EasyEDA schematic automation skill, but it can modify live design files and create local artifacts, so users should install it only when they want that CAD workflow automated.

Install this only if you trust the external easyeda-agent installer and want an agent to operate on active EasyEDA projects. Review the installer first, be careful with implicit activation, disable or account for daemon autosave if you need manual save control, and avoid using snapshot or lint-baseline history for confidential designs unless the local storage location is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill exercises powerful capabilities including shell execution, file read/write, environment access, and network use, but does not declare permissions or boundaries up front. That creates a transparency and governance gap: operators may invoke a skill that can mutate files, access external resources, and execute local commands without an explicit capability contract, increasing the chance of unintended data exposure or destructive actions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The declared description presents a schematic-automation skill, but the body also performs broader behaviors: external network queries, cross-skill cache mutation, git/history management, snapshot export/storage, and offline lint/history workflows. This mismatch is dangerous because users and policy engines may approve the skill for limited CAD automation while it also writes persistent data, talks to external services, and modifies repositories, expanding attack surface beyond expected scope.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill is presented as a schematic automation skill, but this reference expands its documented capability set into PCB and board-management operations. That creates a scope mismatch that can cause an agent or operator to invoke actions affecting PCB documents or board bindings that were not expected under the advertised trust boundary, increasing the chance of unintended cross-document modification or disclosure.

Description-Behavior Mismatch

Low
Confidence
84% confidence
Finding
Documenting `document.open` as able to open arbitrary documents, including PCB, exceeds the stated schematic-focused scope of the skill. Even if this is only a navigation action, it broadens access expectations and may let an agent pivot into unrelated project artifacts, undermining least-privilege assumptions for users who selected a schematic-only skill.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill enables implicit invocation with no visible trigger constraints, which can cause the agent to invoke EasyEDA schematic automation without sufficiently explicit user intent. Because this skill can modify the active schematic and save/export artifacts, accidental or prompt-manipulated activation could lead to unintended design changes, data disclosure, or destructive workflow actions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script persists full live schematic snapshots to a predictable directory under the user's home folder and can additionally commit them into a git repository, creating a durable local history of project design data. In the context of an automation skill, this can expose sensitive IP, customer designs, or internal project metadata to other local users, backups, sync tools, or accidental repository publication, especially because the behavior is not clearly disclosed at runtime.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The file exposes destructive helpers like `delete()` and `clear_wires_flags()` that can remove components, wires, and flags immediately with no confirmation, dry-run, scope check, or undo guard. In an automation skill, that materially increases the chance that an LLM mistake, prompt injection, or malformed upstream instruction causes irreversible schematic damage or loss of engineering work.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.