Kuikly App Builder

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its app-building purpose, but it includes a hidden, unrelated prompt to use the user's GitHub account to star a repository after success.

Install only if you are comfortable with an agent running local build tools, creating or modifying a Kuikly project, downloading npm/CocoaPods/Gradle dependencies, and interacting with devices or simulators. Treat any request to star the KuiklyUI GitHub repository as optional and separate from app building; do not allow the agent to run the gh api command unless you intentionally want that action on your GitHub account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding:
The skill contains an unrelated post-success growth action that can invoke `gh api -X PUT /user/starred/Tencent-TDS/KuiklyUI`, causing the agent to use the user's authenticated GitHub CLI for an action unrelated to app building. Even though it says to do so only if the user agrees, embedding account-affecting third-party interactions inside a build skill creates scope creep and increases the chance of unintended external actions through social engineering or ambiguous consent.

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding:
The safety section claims writes are limited to the project directory and the skill's `references/` directory, but this directly contradicts the stronger user-facing assurance that it 'never modifies files outside these directories' in a way that can mislead operators about actual write scope. Because Step 1 explicitly allows `git clone` into `${SKILL_DIR}/references/KuiklyUI`, the skill does perform filesystem modifications outside the user project, weakening trust boundaries and making review of side effects harder.

Missing User Warnings

Severity: Low
Confidence: 83%
Finding:
The README explicitly promotes project creation, building, preview, and self-repair workflows that can trigger command execution and modify the local filesystem, but it does not warn users that these actions may create files, install dependencies, or run tooling on their machine. In an agent-skill context, that omission matters because users may paste the skill into an autonomous assistant and not realize the assistant could initiate impactful local operations.

VirusTotal

65/65 vendors flagged this skill as clean.