Back to skill

Security audit

frontend-design-super

Security checks across malware telemetry and agentic risk

Overview

This is a normal frontend design and project-scaffolding skill, with expected npm-based setup risks but no evidence of hidden or malicious behavior.

Install only if you want a frontend scaffolding/design helper. Before running an init script, review the script for your framework, use a fresh project directory, and remember that npm/npx @latest will fetch and execute current third-party packages. Replace the sample privacy/security marketing copy before using the generated content in production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill metadata and top-level description understate its operational behavior. Beyond offering design guidance, it instructs the agent to run shell scripts, scaffold full projects, install third-party npm packages, and invoke remote CLIs such as shadcn, shadcn-vue, Vercel, and Nuxt tooling. This mismatch is dangerous because it can cause an agent or user to authorize code execution and dependency installation under the assumption that the skill is only a static UI-generation helper, expanding the attack surface to supply-chain and arbitrary setup actions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script automatically executes multiple package installation and code-generation commands from the network (`npm create vite@latest`, several `npm install` calls, and `npx shadcn@latest add ...`) without any confirmation prompt, pinning, integrity verification, or clear warning to the user. This creates a supply-chain risk because remote package contents and generated code can change over time, and users may run the script assuming it only performs local scaffolding.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This script performs several network-backed actions (`npm create vite@latest`, multiple `npm install` commands, and `npx shadcn-vue@latest init`) that download and execute third-party package code without any explicit warning, pinning, or integrity controls. In an agent skill context, this is riskier than a normal developer shell snippet because users may run it as a trusted setup step, giving remote package lifecycle scripts an opportunity to execute arbitrary code if a dependency or package name is compromised.

Natural-Language Policy Violations

Low
Confidence
94% confidence
Finding
The feature copy states an absolute privacy promise: 'Your data stays yours. We never train on your content.' Absolute guarantees in product marketing can create legal, compliance, and trust risk if any backend logging, analytics, support access, or future model-training exception exists. In a frontend site template, this language is especially risky because it is meant for public-facing reuse and may be copied into production without legal review.

Natural-Language Policy Violations

Medium
Confidence
97% confidence
Finding
The FAQ uses absolute assertions such as '100%', 'end-to-end encryption', 'never sell your data', and 'never train our models on your personal content.' If these statements are inaccurate or only partially true, users may be misled into unsafe reliance and the organization could face regulatory, contractual, or consumer-protection exposure. Because this is templated FAQ content for a production-grade marketing site, the chance of unreviewed deployment is higher.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.