Back to skill

Security audit

Wireframe

Security checks across malware telemetry and agentic risk

Overview

This is a local wireframing helper that creates SVG, HTML, or ASCII output files as expected, with no evidence of hidden network access, credential use, or persistence.

Safe to install if you want a local Bash-based wireframe generator. Use a dedicated output folder, avoid pointing --output at important existing files, and do not use untrusted labels, notes, titles, or SVG input in files you plan to open in a browser or publish.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
91% confidence
Finding
The skill repeatedly documents commands that write SVG/HTML files to disk using user-supplied output paths, but it does not warn that existing files may be created or overwritten. In an agent setting, this can cause unintended modification of workspace files or clobber important artifacts if the output path is reused or influenced by context.

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.