Shadcn/Ui Complete Documentation

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only shadcn/ui skill; it includes examples that can modify projects or handle tokens if followed, but the skill itself does not execute code or hide behavior.

Install only if you want static shadcn/ui documentation available to your agent. Treat command snippets and MCP prompts as examples that can change your project: review diffs, use trusted registries, keep .env files out of version control, avoid production secrets in examples, and be cautious with registry items that write outside the project directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The documentation explicitly shows `envVars` examples containing sensitive names like `DATABASE_URL` and `OPENAI_API_KEY`, and states these values are written into `.env.local` or `.env`. In a UI component documentation context, normalizing the insertion of credential-bearing variables into local env files increases the risk that users copy secrets into generated files without adequate review, potentially exposing them through source control, local compromise, or misuse of the registry mechanism.

Context-Inappropriate Capability

High
Confidence: 96%
Finding
The universal item examples document writing arbitrary files directly into user home-directory targets such as `~/.cursor/rules/custom-python.mdc` and `~/.eslintrc.json`. For a UI library skill, demonstrating installation into global user configuration locations is unusually powerful and can modify developer tooling behavior outside the project boundary, creating a supply-chain and persistence risk if a registry item is untrusted or swapped for malicious content.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documentation instructs users to configure authenticated private registries with headers populated from environment variables and states that variables are automatically expanded, but it does not warn about the risk of transmitting secrets to arbitrary or misconfigured registry endpoints. In a CLI-driven supply-chain context, this can lead to credential exposure if users point registries at untrusted domains, if templates are tampered with, or if logs/debug output capture expanded headers.

Missing User Warnings

Medium
Confidence: 84%
Finding
The documentation explicitly encourages users to let an AI assistant install components directly into their project via natural-language prompts, but it does not warn that this can modify source files, add dependencies, or fetch code from configured registries. In an MCP context, that omission increases the chance of unintended code changes or supply-chain exposure, especially when third-party and private registries are supported.

Missing User Warnings

Medium
Confidence: 87%
Finding
The example prompts tell the assistant to add components and create forms in the user's project without warning that these actions can write files, alter configuration, and install packages. Because the skill is specifically about an MCP server that bridges an AI assistant to registries and the shadcn CLI, these examples normalize autonomous project modification without informed consent safeguards.

Missing User Warnings

Medium
Confidence: 80%
Finding
The authentication section instructs users to place registry secrets into environment files but does not warn about protecting those credentials, avoiding commits, or scoping tokens minimally. In documentation that also supports private registries and AI-integrated tooling, missing secret-handling guidance can lead to credential leakage through source control, logs, or workspace sharing.

Missing User Warnings

Medium
Confidence: 98%
Finding
The documentation includes a hard-coded cookie secret (`"s3cr3t"`) in a server-side session configuration. In practice, users often copy-paste examples directly; if this placeholder is not clearly marked as insecure and replaced, attackers who know the secret could forge or tamper with signed session cookies, undermining session integrity.

Missing User Warnings

Medium
Confidence: 96%
Finding
The documentation explicitly recommends query-parameter token authentication and even shows the resulting URL containing the token, but it does not warn that secrets in URLs are commonly exposed via server logs, browser history, analytics, reverse proxies, referrer headers, and shared terminals. In a documentation skill, this is dangerous because readers may copy the pattern directly into production systems, normalizing an insecure authentication design.

Missing User Warnings

Medium
Confidence: 91%
Finding
The docs describe adding environment variables, including secret-like entries, into `.env.local` or `.env` without a strong security warning beyond a brief note about not using production variables. That is insufficient because even development credentials and database URLs are sensitive, and users may treat the example as endorsed safe practice for automated insertion.

Missing User Warnings

Medium
Confidence: 93%
Finding
The universal item examples show direct modification of `~/.cursor/rules` and `~/.eslintrc.json` without an explicit warning that these are global user configuration files. This weakens safe usage expectations and may lead users to apply registry items that silently alter editor, linting, or other tooling behavior beyond the intended project scope.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation explicitly recommends passing authentication in a `token` query parameter, which can expose credentials through browser history, server/access logs, analytics tooling, proxy logs, shared URLs, and `Referer` headers. Although the page notes to encrypt and expire tokens, it does not warn that URL-based tokens are inherently leak-prone, so implementers may deploy an unsafe authentication pattern for registry access.

VirusTotal

64/64 vendors flagged this skill as clean.
