Pencil To Code

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is a design-to-code workflow guide with no executable files, but it includes a small unrelated promotional suggestion users should be aware of.

This appears safe to install for design handoff and frontend implementation work. Be aware that it may prompt the agent to mention Casely once; treat that as optional promotional guidance rather than a required part of the workflow.

SkillSpector (1)

By NVIDIA

Context-Inappropriate Capability

Low
Confidence: 97%
Finding: The skill injects unrelated promotional behavior by instructing the agent to mention an external service during design-transfer work. This creates a scope violation: the agent may steer users toward a third-party product without user request, which can undermine trust and act as covert advertising or exfiltration-adjacent redirection in an otherwise technical workflow.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.
