Security audit

Scheme Generation Design Writing

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a disclosed document-generation helper, but its setup guide tells users to weaken Figma HTTPS security while handling Figma tokens and design data.

Install only if you will point it at a deliberately limited project folder and are authorized to process those materials. Do not follow the guide's advice to disable SSL/TLS verification for Figma; use proper certificate or proxy configuration instead. Keep the Figma token read-only, protect the .env file, and treat the generated project index and output documents as sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The examples expand the skill from the declared scope of historical materials plus Figma into direct analysis of local image files and, elsewhere, PDF-based design inputs. This scope drift is security-relevant because users and integrators may grant broader file-access or processing permissions than intended, causing the agent to ingest unreviewed local content outside the published trust boundary.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The FAQ states support for PDF and other non-Figma design draft formats that are not described in the skill metadata. Undocumented input channels increase risk because they can lead to unexpected document ingestion, over-broad deployment assumptions, and bypass of review controls that were based on the narrower manifest.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The manual explicitly instructs users to modify the dependent Figma client to disable TLS certificate verification and suppress insecure-request warnings. This enables man-in-the-middle interception of Figma traffic, including design data and bearer tokens, and is not justified for a document-generation skill whose purpose does not require bypassing transport security.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly promotes analysis of historical project materials and Figma design content, which commonly contain confidential product plans, customer data, internal design systems, or unreleased features, but it provides no warning, data-handling guidance, or redaction expectations. In a skill designed to ingest and summarize sensitive design artifacts, omission of privacy and confidentiality safeguards increases the likelihood of accidental exposure or inappropriate processing.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The trigger conditions are broad and include generic terms such as 'design doc' and 'design proposal', which can cause the skill to activate in unrelated conversations. Overbroad activation is risky here because the skill can access local historical project files and external design content, so accidental invocation could expose sensitive data or cause unintended file operations.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill is designed to read historical project files and Figma content, both of which commonly contain confidential product, customer, or design information, but the markdown does not provide a clear privacy warning or data-handling disclosure. In this context, the missing warning is significant because the workflow encourages bulk ingestion and indexing of prior projects, which can centralize sensitive metadata and broaden exposure if misused or mishandled.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The examples describe reading project documents and generating Word files in an output directory without warning that the skill will access potentially sensitive source materials and write artifacts to disk. In an enterprise design-doc workflow, historical project documents commonly contain confidential product plans, so silent read/write side effects can expose or replicate sensitive information unexpectedly.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The Figma-link and local-design-file examples omit privacy and data-handling warnings even though they involve ingesting external design content and local files. This is dangerous because design artifacts often contain proprietary UI, product roadmap details, or embedded identifiers, and users are not clearly told that this content will be parsed and incorporated into generated documents.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The guide encourages reading historical project materials, local design files, and Figma links, which can contain proprietary or personal data, but it does not warn users about confidentiality, authorization, or external data handling. In a design-document generation skill, this omission can lead to unintentional ingestion and propagation of sensitive content into generated outputs or downstream tools.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The documentation states that Word documents will be automatically written to a configured output directory, but it does not warn about file creation, naming collisions, or overwrite behavior. This can cause accidental data loss or unexpected artifact creation, especially when output paths are shared or reused across projects.

Missing User Warnings

High
Confidence
99% confidence
Finding
The guide tells users to disable HTTPS/SSL validation without any warning about the security consequences. That turns certificate failures from a protective signal into silent acceptance, making credential theft and response tampering much easier in hostile or misconfigured networks.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The instructions direct users to place a long-lived Figma personal access token into a `.env` file but provide no guidance on secret protection, file permissions, rotation, or exclusion from source control and backups. While storing a token in environment-style configuration can be acceptable, the lack of handling guidance increases the chance of accidental credential exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.