Skill Trust Decision

interactive-infographic

Skill contains hardcoded API key and undeclared data transmission with insufficient documentation about default credential usage.

Install decision first
Source: Manual upload
Scanned: Apr 4, 2026
Files 9
Artifacts 2
Violations 0
Findings 3

Why this conclusion was reached

0/4 dimensions flagged
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Review
Hidden execution and egress

2 lower-risk artifacts were extracted and still need context.

Pass
Attack chain and severe findings

There is no explicit malicious chain in the report.

Review
Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

What drove the risk score up

Hardcoded fallback API key +15

Default API key '94a05d02-9ade-4d9d-9f39-88734d9e34b4' embedded in cw_client.cjs source code

Undeclared default credential behavior +15

SKILL.md security section vaguely mentions 'anonymous credential' but does not clearly explain its purpose or that it's hardcoded in source

External data transmission +10

User data including API key sent to pptx.chenxitech.site - documented but unclear scope

Most important evidence

Medium Credential Theft

Hardcoded fallback API key in source code

The file cw_client.cjs contains a hardcoded fallback API key '94a05d02-9ade-4d9d-9f39-88734d9e34b4' which serves as a default anonymous credential when the environment variable is not set. This credential is sent with every request to the backend.

scripts/cw_client.cjs:14
Remove hardcoded fallback credentials from source code. If anonymous access is required, implement it server-side without embedding credentials in client code.

Medium Doc Mismatch

Insufficient documentation of default credential behavior

SKILL.md mentions 'anonymous credential' in the security section but fails to specify that it is a hardcoded key embedded in source code. Users cannot make an informed decision about using this default versus providing their own key.

SKILL.md:120
Add explicit documentation specifying: (1) the exact default key value, (2) when this default is used, (3) security implications of using anonymous credentials, (4) why this is acceptable vs credential harvesting.

Low Sensitive Access

Non-obvious allowlisted domain

The host allowlist includes 'bpjwmsdb.com' which is not clearly related to the ContextWeave service. While the allowlist provides some protection, this domain warrants verification.

scripts/cw_client.cjs:38
Verify bpjwmsdb.com is a legitimate service endpoint. If unrelated, remove from allowlist to reduce attack surface.

Declared capability vs actual capability

Filesystem · Pass · Declared READ · Inferred WRITE · cw_client.cjs:exportCode writes diagram.cw to target path
Network · Pass · Declared WRITE · Inferred WRITE · postJson() makes HTTP POST to allowed hosts
Shell · Pass · Declared NONE · Inferred NONE · No subprocess or exec calls found
Environment · Pass · Declared READ · Inferred READ · Reads CONTEXTWEAVE_MCP_API_KEY and CONTEXTWEAVE_EDITOR_PROTOCOL

Suspicious artifacts and egress

Medium External URL
https://pptx.chenxitech.site

SKILL.md:177

Medium External URL
https://api.contextweave.site

cwmcp_config.example.json:2

Dependencies and supply chain

There are no structured dependency warnings.

File composition

9 files · 794 lines
JavaScript 6 files · 599 lines
Markdown 1 file · 180 lines
JSON 2 files · 15 lines
Files of concern · 3
SKILL.md Markdown · 180 lines
Insufficient documentation of default credential behavior · https://pptx.chenxitech.site
scripts/cw_client.cjs JavaScript · 268 lines
Hardcoded fallback API key in source code · Non-obvious allowlisted domain
cwmcp_config.example.json JSON · 4 lines
https://api.contextweave.site
Other files · generate_contextweave.cjs · export_session_asset.cjs · edit_contextweave.cjs · export_contextweave_code.cjs · import_contextweave_code.cjs · _meta.json

Security positives

No shell execution or subprocess calls found - skill uses only Node.js standard library
Path traversal protection implemented with CWD validation and absolute path requirements
Host allowlist restricts network requests to known domains only
No obfuscation techniques (no base64, eval, or encoded strings)
No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
No persistence mechanisms (no cron, startup hooks, or backdoor installation)
No credential harvesting beyond declared environment variable
Explicit JSON output format reduces prompt injection risk