Security audit

Chinese UI/UX Design Intelligence (中文UI/UX设计智能)

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Chinese UI/UX design skill; its broad triggers may apply it more often than desired, but the behavior is disclosed and not high-impact.

Install this when you want Chinese-market UI/UX defaults such as Chinese fonts, local platform conventions, and localized color guidance. For global or non-Chinese products, be aware that its broad triggers may steer ordinary UI or frontend requests toward Chinese-localized assumptions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 96%
Finding
The activation rules are broad enough to match very common requests such as UI generation, frontend implementation, and review tasks. This can cause the skill to activate unexpectedly, steering responses toward its built-in assumptions and recommendations even when the user did not explicitly opt into this design specialization or locale-specific behavior.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
The metadata and description hard-code a Chinese language and localization context without making that scope an explicit user choice. If auto-activated, the skill may impose Chinese fonts, cultural color meanings, platform assumptions, and domestic UX conventions onto requests that are global or for other locales, creating inappropriate or biased outputs.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger list includes very broad, everyday terms such as "设计", "UI", "UX", "界面", and "配色", which are likely to match many unrelated user requests. This can cause the skill to activate outside its intended scope, increasing the chance of prompt hijacking, unintended routing, or over-application of the skill in benign conversations.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.