Fec Ui Design

Security checks across malware telemetry and agentic risk

Overview

This skill provides UI design guidance and an optional local design-system generator, with no evidence of credential access, network exfiltration, or hidden execution.

Install this if you want an agent to apply opinionated UI design guidance and optionally generate local design-system notes. Review the broad activation wording if you prefer very narrow skill routing, and only use --persist when you want it to create design-system markdown files in your project.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The manifest description uses very broad activation language such as building, reviewing, or improving frontend UI, along with many generic design-related tasks. In an agent-routing context, this can cause the skill to be selected for a wide range of ordinary frontend requests, increasing the chance of overreach, unintended prompt capture, or interference with more appropriate skills.

Natural-Language Policy Violations

Low

Confidence: 78% confidence
Finding: The manifest advertises Chinese-language triggers directly in the activation description without indicating that the user opted into Chinese routing or multilingual matching. This can broaden activation unexpectedly across locales and cause the skill to trigger based on language keywords alone, even when that is not the user's intended tool selection behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal