Chat Ui

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only React chat UI helper with visible user-run install commands that should be treated like normal third-party component installs.

Install this only in the project where you want these React chat components. Before running the npx commands, review the remote component registry output and consider pinning package versions where practical.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list contains very broad phrases such as "chat ui," "chat component," "message list," and "chat interface," which are likely to match many ordinary development requests beyond this skill's narrow scope. Overbroad activation can cause the wrong skill to be selected frequently, creating prompt-surface expansion and increasing the chance that unrelated user requests are routed into this skill unexpectedly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal