core-web-vitals
Security checks across malware telemetry and agentic risk
Overview
This is a low-risk Core Web Vitals guidance skill with no executable code, installer, credential handling, persistence, or hidden data movement.
Safe to install for Core Web Vitals help. Be aware it can activate on broad page-speed wording and may read local project-context files to find a site URL, so avoid putting sensitive data in those context files if that matters in your workspace.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.