Builder Site institucional

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent website builder, but it needs review because it can introduce third-party components, remote assets, and stock imagery beyond the client materials it claims to use.

Install only after reviewing the reference components you intend to use. Keep the agent scoped to a specific project folder, require approval before using 21st.dev, Spline, Unsplash, Pexels, Google-hosted fonts, or other external assets, and replace remote placeholder media with approved local/client assets before production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (58)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding: The skill explicitly instructs the agent to call an external 21st.dev API to fetch additional components, even though the skill’s stated purpose is to build a site from client-provided materials and local references. This expands data flow and behavior beyond the declared scope, creating supply-chain and data-exposure risk if prompts or project context are sent to a third-party service without clear user consent.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding: The component hardcodes third-party network-loaded assets, including a Spline scene and a remotely hosted image, even though the skill is supposed to build sites from client-provided materials. This creates unreviewed outbound requests, leaks visitor metadata to third parties, and can introduce supply-chain or content-integrity risks if those external assets change or disappear.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding: The instructions explicitly tell the integrator to use stock imagery unrelated to the client's materials, which conflicts with the skill's stated purpose and can cause accidental inclusion of unlicensed, non-compliant, or brand-inappropriate content. In a client-materials workflow, this increases the chance of data mishandling and misleading deliverables.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The instruction to 'Fill image assets with Unsplash stock images you know exist' expands the skill beyond its declared purpose of transforming client-provided branding/materials into a site. That can cause the agent to fetch or fabricate external assets without user authorization, creating scope creep, licensing/compliance issues, and possible misrepresentation of client branding.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding: Explicitly directing the agent to use externally sourced Unsplash images authorizes behavior not justified by the skill's stated role and may trigger unapproved network/resource use. In this skill context, that is more dangerous because the manifest emphasizes building from client materials, so external sourcing conflicts with user expectations and can introduce legal, privacy, or provenance concerns.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The referenced file instructs the agent to integrate a password-confirmation component, which is materially unrelated to this skill's stated purpose of building institutional or landing websites from client reference materials. This kind of scope drift is dangerous because it can cause the agent to introduce authentication-like UI and password-handling logic into projects where it is not needed, increasing the chance of inappropriate collection, display, or processing of sensitive data.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: This reference file is materially misaligned with the skill's stated purpose. Instead of helping create institutional sites in React/Vite/Tailwind from client materials, it instructs the agent to integrate a specific Next.js/shadcn component, which can cause the agent to scaffold the wrong framework, import incompatible APIs, and ignore the user's actual requirements. In an autonomous agent setting, this kind of instruction drift is dangerous because it can systematically redirect execution and produce broken or off-scope deliverables.

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding: The setup text says the codebase only needs shadcn, Tailwind, and TypeScript support, but the embedded component imports Next.js-specific functionality such as next/link and uses conventions associated with a Next.js app. This mismatch can lead the agent to inject framework-incompatible code into a Vite/React project, resulting in build failures, unsafe automated modifications, and reduced reliability of generated code.

Intent-Code Divergence

Severity: Medium
Confidence: 99%
Finding: The dependency guidance is inconsistent with the actual code requirements: the component directly depends on Next.js APIs, so omitting Next.js from compatibility guidance creates a hazardous false assumption that the snippet can be dropped into a non-Next project. In this skill's context, that can mislead an agent into making invalid dependency changes or generating nonfunctional code for customer-facing sites.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The reference instructs use of Next.js-specific APIs (`next/image`, `next-themes`) inside a skill explicitly meant for React/Vite + TypeScript + Tailwind. This creates a framework-mismatch supply-chain/integration hazard: an agent following the instructions may introduce broken dependencies, incompatible runtime assumptions, and unintended architectural drift into the target project.

Description-Behavior Mismatch

Severity: Low
Confidence: 78%
Finding: The instructions tell the agent to fill assets with Unsplash stock images instead of prioritizing client-provided materials, which conflicts with the skill's stated purpose of building sites from customer references. This can cause unauthorized substitution of content, branding inconsistency, and accidental leakage of externally sourced assets into deliverables where client-specific assets were expected.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding: The component embeds hard-coded remote GitHub image URLs, causing generated sites to fetch third-party assets at runtime instead of relying on client-provided materials. This creates supply-chain and privacy risks: external resources can change, disappear, track users, or violate branding/content expectations without the site owner's control.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The instruction to fill missing images with stock imagery encourages the agent to introduce unapproved third-party content rather than using client-supplied assets. In a skill explicitly intended to transform customer reference materials into a site, this can lead to licensing, brand-integrity, and data-provenance issues, and it weakens user control over delivered content.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding: The reference component embeds a remote image URL from ui.aceternity.com instead of using project-local or client-provided assets. In a skill intended to transform client materials into a site, this can cause unintended third-party requests, privacy leakage via user IP/referrer, broken builds/runtime issues under restrictive image policies, and output that does not reflect supplied materials.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding: The instruction to fill assets with stock images conflicts with the skill's stated purpose of building sites from client-supplied reference materials. This can lead the agent to ignore provided assets, introduce licensing/provenance issues, and produce misleading or non-compliant deliverables that expose organizations to brand and legal risk.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding: The trigger language is extremely broad ('SEMPRE', Portuguese for 'ALWAYS', when the user wants to create a site, landing page, web page, etc.), making the skill likely to activate for many generic web-development requests outside its specialized scope. Over-broad activation can cause inappropriate tool use, unnecessary file exploration, and application of this workflow in contexts where the user did not intend a full material-ingestion site-building process.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding: Triggering merely because the user provides visual materials such as logos, palettes, or presentations is ambiguous and can fire unintentionally in unrelated workflows like design review, asset cleanup, or branding analysis. In this skill, that ambiguity is more dangerous because the workflow directs exhaustive exploration of user files and extraction of content from images, PDFs, and presentations.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding: The evaluation prompts are broad enough that the skill may be invoked for very generic website-building requests, increasing the chance of over-triggering outside its intended scope. This can cause the agent to select this skill when a different workflow, framework, or user intent would be more appropriate, leading to incorrect task routing and unsafe assumptions about inputs and outputs.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The instructions direct installation and use of a third-party Spline component that fetches scene content from an external URL without warning that page loads will trigger outbound network requests. In the context of a site-building skill expected to transform client materials, silent third-party fetching is risky because it can violate privacy, compliance, and asset-control expectations.

Missing User Warnings

Severity: Low
Confidence: 91%
Finding: The component includes an externally hosted image URL with no disclosure that browsers will contact a third-party CDN. While lower impact than executable third-party content, it still exposes user metadata, reduces control over content provenance, and can break or change unexpectedly.

Vague Triggers

Severity: Medium
Confidence: 78%
Finding: The implementation steps are highly generic and include broad instructions such as copying code, installing dependencies, adding assets, and using substitute icons, which makes the skill applicable to many general development tasks beyond its institutional-site scope. In context, that broadness increases the chance the agent will act outside intended boundaries, especially when combined with the instruction to inject external assets.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding: The file begins with broad integration instructions such as integrating an existing React component into the codebase and determining project structure, without constraining when this component should actually be used. In an agent setting, ambiguous triggers can cause the skill to activate or inject code outside user intent, which is especially risky here because the component is unrelated to the website-building purpose of the skill.

Natural-Language Policy Violations

Severity: Low
Confidence: 87%
Finding: The instructions tell the agent to fill image assets with Unsplash stock images that it 'know[s] exist,' without requiring user approval or checking project policy. This can lead to unauthorized substitution of client-provided assets, policy noncompliance, licensing/process issues, or unexpected outbound content choices in environments where only approved brand materials should be used.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding: The file gives broad, unconditional integration directives like copying code into fixed directories and setting up specific tooling, without clear boundaries for when those instructions are appropriate. In an agent skill, vague applicability increases the chance of over-triggering and inappropriate code changes across unrelated projects, especially given the mismatch between the skill's institutional-site purpose and this Next.js component reference.

Vague Triggers

Severity: Low
Confidence: 84%
Finding: The file gives generic integration instructions that tell an agent to add and wire in a component with little gating about when it is appropriate, what environments are supported, or when the change should be avoided. In an agentic coding workflow, broad unconstrained instructions can cause unnecessary or unsafe modifications to a codebase, especially when the component assumes Next.js-specific APIs like 'use client' and 'next-themes' while the surrounding skill targets React/Vite projects.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal