Uiverse Design

Security checks across malware telemetry and agentic risk

Overview

This is mostly a UI component library, but it includes a realistic third-party login page and an optional installer that downloads changing, unverified content from GitHub.

Install only if you are comfortable with a UI library that contains real-brand login mockups and an optional setup script that fetches unreviewed current content from GitHub. Do not copy the Instagram/Facebook-style form into any deployed page, and only run setup after reviewing or pinning the downloaded source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch (Medium, 96% confidence)

This component reproduces Instagram's recognizable login UI and branding inside a supposedly generic UI asset library, which creates a ready-made phishing template rather than a neutral design example. In the skill context, that is more dangerous because users can directly copy and deploy it as a credential-harvesting page with minimal modification.

Context-Inappropriate Capability (Medium, 95% confidence)

The asset contains third-party impersonation elements, including Instagram branding and a Facebook login reference, without any legitimate need in a general-purpose UI learning repository. This increases abuse potential by giving attackers polished, trusted brand elements that can be reused for social engineering or phishing.

Description-Behavior Mismatch (Medium, 89% confidence)

The setup script fetches and installs a large external repository at runtime from GitHub, which materially expands the skill's behavior beyond a static bundled UI library. This introduces a supply-chain and trust-boundary risk: the downloaded content can change over time, may not match the reviewed skill contents, and could expose users to unreviewed or unexpected files if they execute the setup script.

Vague Triggers (Medium, 83% confidence)

The trigger conditions include broad everyday keywords such as UI design, components, styles, dashboard, and similar terms, which can cause accidental activation in unrelated conversations. Overbroad activation is dangerous because it may steer the agent into suggesting shell-based setup or search actions in contexts where the user did not intend to invoke this skill.

Natural-Language Policy Violations (Medium, 80% confidence)

The skill instructs the agent to immediately send a fixed first-run prompt, and the prompt is only in Chinese. This is risky because it overrides normal contextual response behavior, can confuse users in other locales, and nudges them toward installation of a larger remote-downloaded package before establishing informed consent in the user's language.

VirusTotal

62/62 vendors flagged this skill as clean.