Component Testing

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward frontend component-testing guide with no executable code or hidden high-impact behavior.

Reasonable to install for frontend component testing. Be aware the detailed instructions are primarily in Chinese, and review any generated tests as normal code changes before committing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 92% confidence
Finding: The skill content from the title through all instructions is written in Chinese, while the metadata description is in English and does not state that the skill is intentionally Chinese-only or provide any opt-in language choice. This can violate language/locale policy because it effectively constrains outputs and guidance to a specific language without documented user consent or justification.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal