Frontend Agent

Security checks across malware telemetry and agentic risk

Overview

This appears to be a Chinese-language frontend development helper with no evidence of hidden code, credential access, persistence, or destructive behavior.

Install this if you want a Chinese-oriented frontend development helper. Be aware it may activate on broad frontend requests and may answer in Chinese unless your agent or the skill is configured to follow the user's current language.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The activation phrase guidance is very broad: generic user requests like "前端开发" or "帮我写个 React 组件" are common in normal conversation and can trigger the skill without clear user intent to invoke it. This creates prompt-routing ambiguity and increases the chance the agent applies this skill in inappropriate contexts, potentially overriding more suitable safety, policy, or domain-specific handling.

Natural-Language Policy Violations

Medium

Confidence: 87% confidence
Finding: The skill metadata and instructions are written to operate in Chinese by default, which can force a language switch without user consent. While not a code-execution issue, this can degrade usability, cause misunderstandings, and in security-relevant interactions increase the risk that the user misses important warnings or confirms actions they did not fully understand.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal