Back to skill

Security audit

Ui Prototype Wireframe Cellcog

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed UI prototyping helper that uses CellCog to generate hosted interactive prototypes, with no artifact-backed evidence of hidden or destructive behavior.

Before installing, treat prompts, uploaded assets, mock data, branding, and generated live prototype URLs as potentially shareable with CellCog or stakeholders. Do not include production secrets, real customer data, or confidential plans unless you are comfortable with the service's access and hosting model, and store CELLCOG_API_KEY as a normal environment secret.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly promotes generating interactive HTML prototypes that are hosted on live URLs and shared with stakeholders, but it does not warn users that any prompt content, mock data, branding, screenshots, or internal workflow details they provide may be exposed through publicly accessible artifacts. In a prototyping context, users are especially likely to include confidential product plans, customer data, or internal UI concepts, so the omission creates a meaningful confidentiality risk.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The setup instructions tell users to set CELLCOG_API_KEY but provide no guidance on secure credential handling, which can lead users to paste secrets into prompts, commit them to source control, or expose them in shell history and logs. While this is a weaker issue than direct secret exfiltration logic, it still increases the likelihood of accidental credential leakage.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.