Back to skill

Security audit

guidelines

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate HTML preview generator, but it can write and auto-preview user-influenced HTML with overly broad triggers and weak safety controls.

Review before installing if you work with untrusted prompts, copied requirements, or shared config files. Use explicit requests only, check the destination filename before generation, avoid auto-previewing untrusted generated HTML, and prefer adding HTML escaping, path validation, overwrite prompts, and an option to disable preview/CDN loading.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrases are very generic (for example, common requests like making a list, query page, or management page), which increases the chance the skill activates when the user did not explicitly intend to invoke it. In an agent environment, unintended activation can cause surprising file generation or other side effects, especially because this skill creates artifacts in the workspace.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README states that the skill writes HTML files into the workspace and automatically opens them in the IDE, but it does not clearly warn users beforehand or require consent for these actions. Hidden or poorly disclosed side effects are risky because they can modify project state unexpectedly and render generated content without the user making an informed decision.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill auto-loads on very broad UI-related keywords such as '列表', '表格', '查询', '管理', '编辑', and '创建', which are common across many unrelated tasks. This can cause unintended activation of the skill, leading the agent to generate files or change workflow without explicit user intent, increasing the chance of unsafe side effects or prompt-routing mistakes.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill states it will generate HTML files and open them in an IDE preview, but it does not warn that this creates files and may load external resources such as the Remix Icon CDN in the preview. If user-controlled content is inserted into the generated HTML without escaping, previewing can also amplify risks like script injection or unintended network access.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.