Shadcn Ui

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only shadcn/ui helper with normal frontend setup examples and no hidden data access or persistence found.

Install this skill if you want shadcn/ui guidance. Run the suggested npx/npm commands only inside the intended project and review generated file changes; expect possible over-activation on some generic UI requests because several triggers are broad.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list includes broad phrases such as "component library", "UI components", "dialog", "sheet", and "toast" that are common across many frontend tasks and not specific to shadcn/ui. This can cause the skill to activate outside its intended scope, steering an agent toward this skill's guidance when a more appropriate or narrower skill should be used, increasing the chance of incorrect code generation or context misrouting.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal