Claude Skills A11y Audit

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent accessibility auditing helper; its main risk is that the advertised auto-fix mode may edit project code and should be used with review.

Installing this skill is reasonable for local accessibility audits. Before using any `--fix` or agent-applied remediation workflow, run it on a branch, review the diffs, and limit the scope to the files you intend to change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill advertises '/a11y-audit --fix' to auto-apply changes but does not warn users that project files may be modified, backed up, or require confirmation. In an agentic environment, silent code modification can cause unintended edits, break builds, overwrite user work, or introduce risky bulk changes across a repository.

VirusTotal

65/65 vendors flagged this skill as clean.
