
Security audit

AHA Mermaid Diagram

Security checks across malware telemetry and agentic risk

Overview

This is a Mermaid diagram documentation skill with no executable payload. Its one security-relevant problem is a configuration example that relaxes Mermaid's rendering protections; that example should not be reused for diagrams from untrusted sources.

Use this as a Mermaid reference, but do not enable securityLevel: 'loose' for diagrams from users or other untrusted sources: in 'loose' mode Mermaid renders raw HTML in labels and allows click callbacks to run JavaScript. Prefer Mermaid's default securityLevel ('strict') or 'sandbox', pin CDN/package versions where practical, and verify the Mermaid CLI package (name, version and integrity) before installing it globally.
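As an added illustration of the guidance above (example code written for this audit, not code from the audited skill or from the Mermaid project), the following JavaScript does two things: it refuses the relaxed securityLevel for diagram text the application did not author, and it lints untrusted diagram source for the constructs whose behaviour that setting changes. The `source.trusted` flag, the function names and the sample diagram are assumptions; only the securityLevel values and their meanings come from Mermaid's own documentation.

```javascript
// Added example, not code from the audited skill or from Mermaid.
// Mermaid's documented securityLevel values:
//   'strict'     (default) HTML in labels is encoded, click callbacks are disabled
//   'antiscript' HTML is allowed in labels, <script> tags are stripped, callbacks disabled
//   'loose'      HTML is allowed in labels and click callbacks may run JavaScript
//   'sandbox'    the diagram is rendered inside a sandboxed iframe
// Everything else here (source descriptor shape, function names, sample) is assumed.

const RELAXED = new Set(['loose', 'antiscript']);

// Build the object to pass to mermaid.initialize(). `source.trusted` is an
// assumed flag the embedding application sets only for diagram text it wrote
// itself; anything pasted by a user or fetched remotely stays untrusted.
function mermaidConfigFor(source, requested = {}) {
  const level = requested.securityLevel ?? 'strict';
  if (source.trusted !== true && RELAXED.has(level)) {
    throw new Error(
      `refusing securityLevel '${level}' for untrusted diagram source ${source.name}`,
    );
  }
  // Render explicitly rather than letting startOnLoad scan the whole document.
  return { ...requested, securityLevel: level, startOnLoad: false };
}

// Pre-render lint for untrusted diagram text: report the constructs whose
// effect depends on securityLevel, so a reviewer sees what 'loose' would enable.
const CLICK_RE = /^\s*click\s+(\S+)\s+(\S+)/i;   // click <node> <target> ...
const HTML_TAG_RE = /<\/?[a-z][^>]*>/i;          // any HTML-looking tag in a label

function auditDiagramSource(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    const click = line.match(CLICK_RE);
    if (click) {
      // `click A href "..."` (or the older quoted-URL form) is a navigation
      // target; any other third token names a JavaScript callback.
      const target = click[2];
      const isLink = target.toLowerCase() === 'href' || target.startsWith('"');
      findings.push({ line: i + 1, kind: isLink ? 'click-link' : 'click-callback', node: click[1] });
    }
    if (HTML_TAG_RE.test(line)) {
      findings.push({ line: i + 1, kind: 'html-tag' });
    }
  });
  return findings;
}

// Constructed sample of what a user might paste: an HTML label, a callback and a link.
const UNTRUSTED_SAMPLE = [
  'flowchart LR',
  '  A[Start] --> B["Login <b>page</b>"]',
  '  B --> C[Done]',
  '  click A call runCallback()',
  '  click C href "https://example.invalid/docs"',
].join('\n');

// Run the two checks against the constructed sample and return what happened.
function demo() {
  const findings = auditDiagramSource(UNTRUSTED_SAMPLE);
  let refused = false;
  try {
    mermaidConfigFor({ name: 'user-paste', trusted: false }, { securityLevel: 'loose' });
  } catch (e) {
    refused = true;
  }
  const safe = mermaidConfigFor({ name: 'user-paste', trusted: false }, {});
  return { findings, refused, safeLevel: safe.securityLevel };
}

console.log(JSON.stringify(demo(), null, 2));
```

The lint is deliberately coarse: it flags every `click` statement and every tag-shaped string, because under 'strict' those are inert and under 'loose' they are not, which is exactly the difference a reviewer of pasted diagrams needs to see before choosing a securityLevel.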

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The skill recommends Mermaid initialization with `securityLevel: 'loose'` as a normal HTML rendering option, but does not explain that this relaxes Mermaid's built-in protections around rendered content and interactions. In a skill explicitly focused on generating/rendering diagrams, users are likely to paste untrusted Mermaid text, so normalizing the unsafe setting increases the chance of scriptable or unsafe content being rendered in downstream HTML contexts.

Missing User Warnings

Medium
Confidence: 97%
Finding
This section explicitly teaches users to enable HTML rendering with reduced Mermaid security controls and omits any warning that doing so should only be used with trusted content. Because the skill's purpose is to help produce diagrams for embedding in HTML, this context makes the issue more dangerous: users may copy-paste the configuration into apps or docs sites that render user-supplied diagrams, creating an avoidable content-injection risk.

VirusTotal

66/66 vendors flagged this skill as clean.
