prd-design-iteration

Security checks across malware telemetry and agentic risk

Overview

The skill appears useful for process/design prototyping, but it should be reviewed because it can collect and persist internal screenshots or HTML while also using public CDN code in generated prototypes.

Install only if you are comfortable with a design skill writing project artifacts and storing uploaded screenshots/HTML locally. Before using it, redact customer data, credentials, tokens, internal URLs, and proprietary details from screenshots or prototypes, and avoid opening generated prototypes with sensitive content unless CDN-loaded dependencies are replaced or pinned with stronger integrity controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The template loads React, ReactDOM, Babel, and Tailwind directly from third-party CDNs at runtime, which creates a software supply-chain and dependency integrity risk. If any CDN asset is tampered with, unavailable, or replaced, any user opening the prototype could execute untrusted code in their browser; this is more concerning in an internal company workflow where prototypes may be widely shared and trusted.

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger phrase set is overly broad: terms like “改一下” and “or similar iteration requests” can match many ordinary user utterances that are not clearly requesting this specific skill. That raises the chance of unintended skill invocation, causing the agent to enter a structured file-writing and workflow-driving mode without sufficiently precise user intent, which can lead to confusion, wrong tool use, or mis-scoped modifications.

Missing User Warnings

Low
Confidence: 91%
Finding
The skill explicitly instructs creation of `project/00-input/baseline.md` in the workspace but does not require user awareness or confirmation before modifying files. In an agent setting, silent file writes can violate user expectations, create unwanted artifacts, or be chained with later steps to alter project state without clear consent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly asks users to upload current interface screenshots or HTML prototypes, but provides no warning to avoid including customer data, credentials, internal URLs, secrets, or other sensitive content. In an internal process-management context, screenshots and prototypes commonly expose confidential business information, making inadvertent data leakage a realistic risk.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs the agent to save uploaded screenshots into project directories without any safeguards, classification guidance, or warning that uploads may contain sensitive internal information. This increases the risk of persisting confidential data in generated artifacts, logs, or repositories where access controls may be weaker than the source system.

VirusTotal

66/66 vendors flagged this skill as clean.