Back to skill

Security audit

UI Scanner — Website Design System Extraction

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward website design-system scanner that fetches a user-provided URL and writes a local report file.

Before installing, expect the agent to fetch the URL you provide and create a local `{domain}_design.md` report. Check the generated filename if you already have similarly named files, and only scan websites where this kind of design analysis is appropriate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
92% confidence
Finding
The skill explicitly states it will write results to a file, but the user-facing description does not clearly warn about this side effect or its destination constraints. Hidden filesystem writes can surprise users, overwrite existing artifacts, or leak analyzed data into the local workspace, especially in automated environments where agents run with broad file access.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.