Sloth D2C Skills

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Figma-to-code workflow that uses the Sloth CLI and helper agents to generate project code, with review-worthy but purpose-aligned permissions.

Install only if you trust the Sloth CLI/npm package and are comfortable giving it access to the target Figma file. Use a branch or disposable workspace, prefer least-privileged Figma credentials, and review generated files plus `.sloth` chunks before committing or sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding:
The skill’s actual instructions describe a generic prompt-file reader and code conversion flow, while the manifest says it is a Figma/`sloth d2c` design-to-code skill. This mismatch can misroute the agent into processing arbitrary files or prompts under a misleading capability label, which weakens operator understanding and security review boundaries.

Missing User Warnings

Medium
Confidence: 80%
Finding:
The skill instructs the agent to generate final code and write it into project files without explicitly requiring user confirmation that workspace contents will be modified. In an agent context with Write/Edit permissions, this can lead to unintended source changes, overwrites, or insertion of generated code into the wrong location, especially if the skill is triggered unexpectedly or run on an ambiguous request.

Vague Triggers

Medium
Confidence: 83%
Finding:
The description and behavior are broad enough that the skill may be invoked for loosely related requests such as general code generation or file-based prompt execution. Overbroad triggering increases the chance the skill runs in unintended contexts, causing unauthorized prompt ingestion, confusion over scope, or unsafe handling of user-controlled files.

VirusTotal

63/63 vendors flagged this skill as clean.