UI Scanner — Website Design System Extraction

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it fetches a user-provided website and writes a local design-spec Markdown file.

Install only if you are comfortable with the agent fetching the website URL you provide and creating a `{domain}_design.md` file. Avoid giving it private internal URLs or sensitive pages unless you intend that content to be fetched and summarized locally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly instructs the agent to fetch arbitrary website content and write a derived file to local storage, but it provides no user-facing warning or confirmation step for either network access or file creation. This can cause unexpected outbound requests and unintended local side effects, especially if a user supplies sensitive internal URLs or is unaware that artifacts will be persisted on disk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal