ClawHub

Publish Skill Final

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed UI-design helper with one user-run script that locally appends design guidance to `.cursorrules`.

Installers should understand that running the helper script will permanently append UI-design instructions to the project's `.cursorrules`. Review that file after use, and avoid running the script in projects where shared AI instruction files are tightly controlled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill's declared purpose is UI design guidance, but the documented behavior includes modifying a workspace configuration file and adding static rules that may influence future agent behavior. This creates a trust and transparency problem: users may invoke a design skill expecting advisory output, while it instead changes persistent project state in ways unrelated to the advertised capabilities.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly documents automatic modification of `.cursorrules` without a clear warning or consent step, meaning a user may trigger persistent changes to agent instructions unintentionally. Because `.cursorrules` can affect future AI behavior across the project, silent or under-disclosed modification increases the risk of prompt/policy manipulation, confusion, and unsafe downstream actions.

Missing User Warnings

Low
Confidence
95% confidence
Finding
The script writes directly to .cursorrules, appending or creating the file without any user confirmation, dry-run mode, or backup. In an agent-skill context, this can silently modify persistent workspace instructions and influence later agent behavior, which is a real integrity risk even if the payload here is only UI guidance.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal