Component Library Audit

Security checks across malware telemetry and agentic risk

Overview

This skill is a local, read-only frontend component audit helper with no evidence of network sharing, destructive actions, persistence, or credential access.

Install is reasonable if you want local component-library audit help. Run it from the specific project folder you want scanned, and review generated reports before sharing because they may include private file paths, component names, and source-derived findings.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill advertises very broad trigger phrases such as "audit our components," "check component quality," and "component library health," which can easily overlap with normal planning or discussion text. In agentic environments that auto-select skills from conversational intent, this increases the chance of unintended invocation, causing repository-wide code scanning and potentially exposing project structure or consuming resources without the user explicitly requesting this skill.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal