The ultimate solution for professional-grade site design for Vibe coding applications

Security checks across malware telemetry and agentic risk

Overview

This skill is a local design-template generator with some overstated or inconsistent feature claims, but I found no artifact-backed evidence of hidden access, exfiltration, persistence, or destructive behavior.

Install only if you are comfortable with a local Python tool that writes DESIGN.md files. Treat its marketing claims cautiously: some advertised templates or examples may not work through the generator without editing the script, and some templates are much less complete than the five highlighted professional templates. Choose the output path carefully because the script can overwrite that file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 93%
Finding
The skill makes strong claims about supported templates, bilingual capability, and output completeness that apparently do not match the underlying implementation. This can mislead users and downstream agents into trusting generated artifacts or coverage that do not actually exist, increasing the risk of incorrect outputs, unsafe assumptions, or misuse of custom config paths.

VirusTotal

66/66 vendors flagged this skill as clean.
