Security audit

Wireframe

Security checks across malware telemetry and agentic risk

Overview

This is a local wireframing helper that creates SVG, HTML, or ASCII output files as expected, with no evidence of hidden network access, credential use, or persistence.

Safe to install if you want a local Bash-based wireframe generator. Use a dedicated output folder, avoid pointing --output at important existing files, and do not use untrusted labels, notes, titles, or SVG input in files you plan to open in a browser or publish.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 91% confidence
Finding: The skill repeatedly documents commands that write SVG/HTML files to disk using user-supplied output paths, but it does not warn that existing files may be created or overwritten. In an agent setting, this can cause unintended modification of workspace files or clobber important artifacts if the output path is reused or influenced by context.

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.