Back to skill

Security audit

Ui Design Optimizer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent UI design helper that uses bundled design data and only has minor scoping and file-output cautions.

Install if you want UI design-system and starter-page assistance. Before asking it to implement, specify the output folder and confirm overwrites; avoid running any PowerShell helper unless the actual script is present and reviewed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs the agent to generate runnable files on disk, but it does not require notifying the user or obtaining confirmation before creating or modifying workspace files. In an agent context, undisclosed file writes can surprise users, overwrite existing content, or create executable artifacts that are later trusted or run without sufficient review.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger patterns are broad enough to match many ordinary design-related prompts, which can cause the skill to activate when the user did not explicitly request it. In an agent system, unintended activation can steer responses, expose local datasets unnecessarily, or cause capability overreach beyond user intent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.