vue-component-analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Vue component-dependency analyzer that reads local Vue source files to produce reports and does not show hidden installation, network, persistence, credential, or mutation behavior.

Install is reasonable for Vue projects, but use it on the specific repository or entry file you want analyzed and be aware it will read Vue source files to build the dependency map. Ask for output in your preferred language if needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill description is broad enough to overlap with common user requests about understanding Vue project structure, which can cause the skill to trigger in situations where the user did not explicitly ask for this specialized analysis. Over-broad triggering increases the chance of unintended tool invocation, unnecessary repository inspection, and context hijacking within normal development conversations.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill metadata and content are written to operate in Chinese without offering language flexibility or stating that output should follow the user's preferred language. This can cause mismatched-language responses, reducing transparency and making it easier for users to misunderstand what files are being analyzed or what the skill is doing.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal