ClawHub

ui-designer

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only UI design workflow skill whose file creation and optional web search are disclosed and aligned with producing design deliverables.

Installers should expect this skill to guide UI design work, optionally search for inspiration with consent, and create HTML/Markdown files under /workspace/projects/workspace/output/ui-design/. Review existing files in that folder before running it if overwrites matter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are broad enough to match ordinary design-related conversation, which can cause the skill to activate when the user did not explicitly request this workflow. That increases the chance of unnecessary tool use, web search, or file generation under an overly aggressive routing policy. In this context, the risk is real but moderated because the skill is focused on UI design rather than privileged system actions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill directs writing multiple artifacts into workspace paths but does not clearly require user consent or warn that files will be created or overwritten. This can lead to unexpected filesystem side effects, accidental overwrites, or persistence of generated content without the user's awareness. The context makes it somewhat more concerning because the workflow explicitly produces several output files across multiple stages.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal