Security audit

Vue3 Composition API 助手

Security checks across malware telemetry and agentic risk

Overview

This is a static Vue 3 coding reference with no executable code, hidden access, or privileged behavior.

Safe to install from a security perspective. Treat it as community coding guidance: review snippets before production use, add VueUse only when your project needs it, and remember that browser storage and clipboard examples can affect user-facing app behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill activates on very broad triggers such as any mention of Vue3, script setup, or Composition API, which can cause it to engage outside a narrowly intended scope. Over-broad activation can hijack unrelated conversations, bias responses toward this skill's conventions, and reduce adherence to user intent or higher-priority contextual requirements.

Natural-Language Policy Violations

Medium

Confidence: 85% confidence
Finding: The description and usage conventions are written to enforce Chinese-language content without indicating that the assistant should respect the user's preferred language. This can override user expectations, create prompt-steering behavior, and cause the skill to respond in an unintended language even when the surrounding session is in another language.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal