ClawHub

ia-frontend-design

Security checks across malware telemetry and agentic risk

Overview

This skill is a design-guidance package for frontend work and does not show hidden execution, credential access, persistence, or destructive behavior.

Use this when you want a strongly opinionated frontend visual-design helper. It may influence layout, typography, motion, image placeholders, and dependency suggestions, so pair it with project-specific requirements and separate security, backend, or framework-testing guidance for those decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description and body authorize use for broadly defined frontend work such as pages, dashboards, and applications without clear exclusion boundaries or negative triggers. In agentic routing, this can cause the skill to activate in situations where visual-design guidance overrides more appropriate specialized skills or injects large amounts of prescriptive behavior, increasing prompt-scope creep and the chance of unsafe or irrelevant modifications.

Natural-Language Policy Violations

Low
Confidence
81% confidence
Finding
The instruction to vary themes, fonts, and aesthetics across generations imposes stylistic variation regardless of user preference or project consistency needs. While not a direct security exploit, it can push outputs away from established brand systems or user-requested conventions, causing requirement drift and making the agent less predictable in sensitive production workflows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal