
excalidraw

Fail

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis

================================================================================

🔴 VERDICT: HIGH

This skill demonstrates a high capability for command execution and permission modification, primarily through its setup.sh script and the explicit invocation of render.js in SKILL.md. While the external dependencies (Node.js packages and fonts) are sourced from generally trusted locations, the methods used to acquire and prepare them involve direct command execution, which could be exploited if the skill's instructions were altered or if a dependency was compromised.

Total Findings: 6

🔴 HIGH Findings:

• COMMAND_EXECUTION
  • scripts/setup.sh:10: npm install
  • Risk: The skill executes npm install, which downloads and runs code from external sources. This grants the skill the capability to execute arbitrary code on the system. While the listed dependencies are common, a malicious actor could inject harmful packages or alter the package.json to install malicious code.

• COMMAND_EXECUTION
  • scripts/setup.sh:20: python3 -c "..."
  • Risk: The skill executes arbitrary Python code. Although the provided code is for a benign font conversion, this demonstrates the ability to run any Python command, which could be used for malicious purposes.

• COMMAND_EXECUTION
  • scripts/setup.sh:29: unzip -qo cascadia.zip -d cascadia_extract
  • Risk: The skill executes the unzip command on a downloaded archive. While the source is trusted, unzipping arbitrary archives can be a vector for path traversal attacks or resource exhaustion (zip bomb) if the source were to become untrusted.

• COMMAND_EXECUTION
  • scripts/setup.sh:30: find cascadia_extract -name "CascadiaCode*.woff2" ... | head -1 | xargs -I{} cp {} "$FONT_DIR/CascadiaCode.woff2"
  • Risk: The skill executes a complex shell pipeline involving find, head, xargs, and cp. This demonstrates advanced command execution capabilities, which could be repurposed for malicious file manipulation or data exfiltration.

• PRIVILEGE_ESCALATION
  • scripts/setup.sh:36: chmod +x "$SCRIPT_DIR/render.js"
  • Risk: The skill explicitly modifies file permissions to make render.js executable. While necessary for its function, this action demonstrates the ability to change file permissions, which could be abused to make other, potentially malicious, files executable.

• COMMAND_EXECUTION
  • SKILL.md:10: node <skill_dir>/scripts/render.js /tmp/<name>.excalidraw /tmp/<name>.png
  • Risk: The core functionality of the skill involves executing a Node.js script with user-controlled input and output paths. This is a direct command execution. Although the paths are within /tmp, the script's ability to process arbitrary JSON and write files could be a vector for resource exhaustion or other local file system abuses if the JSON input is not properly sanitized by the render.js script itself.

🔵 LOW Findings:

• EXTERNAL_DOWNLOADS
  • scripts/setup.sh:17: curl -sL "https://cdn.jsdelivr.net/npm/@excalidraw/excalidraw@0.17.6/dist/excalidraw-assets/Virgil.woff2"
  • Risk: Downloads a font file from cdn.jsdelivr.net. This is a trusted CDN for open-source projects. Downgraded to LOW/INFO.

• EXTERNAL_DOWNLOADS
  • scripts/setup.sh:26: curl -sL "https://github.com/microsoft/cascadia-code/releases/download/v${CASCADIA_VERSION}/CascadiaCode-${CASCADIA_VERSION}.zip"
  • Risk: Downloads a font archive from github.com. This is a trusted source. Downgraded to LOW/INFO.

================================================================================

Recommendations
  • AI detected serious security threats

Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 12, 2026, 11:48 PM