Security audit

Web Fixing

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only frontend debugging skill whose file-editing and optional test-install guidance fit its stated purpose.

Install this for structured frontend debugging help. Give it write access only in projects you intend to modify, review proposed code changes, and treat optional npm/npx setup as dependency installation to run in a trusted project environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The activation description is broad enough to trigger on many generic front-end or webpage requests, which can cause the agent to invoke this skill outside a tightly bounded scope. Over-broad routing increases the chance of inappropriate tool use or unintended modification workflows, especially because the skill includes edit/write and optional install actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal