Anthropic Frontend Design

Security checks across malware telemetry and agentic risk

Overview

This is a coherent frontend design helper with local reference search and optional design-document output, with no evidence of hidden exfiltration or destructive behavior.

Install if you want a frontend design assistant that uses bundled local design references. Be careful with --persist and --output-dir: write only into a project workspace or dedicated folder, and avoid sensitive directories. Treat the style data as design inspiration, not policy-quality accessibility or inclusion guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding:
The skill invokes a local script and the associated capability set includes file read and file write behavior, but the skill does not declare permissions or clearly bound those operations. That creates a trust and review gap: users may invoke a design skill expecting presentation guidance, while it can access local knowledge bases and persist output files without explicit consent or sandbox expectations.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding:
The skill is presented as a frontend design assistant, but its documented behavior includes local knowledge-base search, ranked retrieval, report generation, and optional filesystem writes. This mismatch is dangerous because it obscures real operational behavior from users and reviewers, increasing the chance of unintended data access, unexpected file modification, and overbroad trust in a seemingly harmless design-focused skill.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding:
The persistence logic writes generated content to attacker-influenced filesystem locations via output_dir, project_name, and page-derived filenames without meaningful sanitization or confinement. In an agent context, untrusted prompts or tool inputs could cause arbitrary file creation or overwrite within the executing user's accessible filesystem, which expands the skill from content generation into local project modification.

Natural-Language Policy Violations

Severity: Medium
Confidence: 95%
Finding:
The Airline row includes AI-related keywords such as "ai," "artificial-intelligence," "automation," "machine-learning," and "ml," even though the product type is Airline. In systems that rely on keyword matching to infer product category or generate downstream behavior, this can misclassify airline requests as AI/automation products, producing incorrect design, routing, prompts, or policy handling.

Natural-Language Policy Violations

Severity: Medium
Confidence: 97%
Finding:
This row uses age-based exclusionary guidance ('elderly') in the 'Do Not Use For' field instead of describing objective usability constraints such as contrast sensitivity, motion sensitivity, or familiarity requirements. In a frontend-design skill, this can propagate discriminatory product guidance into generated UX decisions and normalize excluding users based on age rather than accessibility needs.

Natural-Language Policy Violations

Severity: Medium
Confidence: 98%
Finding:
The row explicitly lists 'elderly users' as an excluded audience for a cyberpunk style, which is an unjustified demographic restriction rather than a design limitation. Because this file is meant to guide interface generation, the wording may cause downstream systems or users to make discriminatory design choices under the guise of style recommendations.

Natural-Language Policy Violations

Severity: Medium
Confidence: 98%
Finding:
This entry uses age-based exclusionary language in applicability guidance rather than describing the actual UX risks, such as low familiarity, readability, or brand mismatch. In a design skill, such language is risky because it embeds biased audience segmentation into reusable guidance that may be copied directly into product decisions.

Natural-Language Policy Violations

Severity: Medium
Confidence: 97%
Finding:
The vaporwave row includes an age-based exclusion that is not technically justified and should instead describe concrete issues such as motion load, contrast limitations, or appropriateness for formal contexts. This is harmful because the dataset is operational guidance for design generation, increasing the chance that age bias is systematized in produced interfaces or recommendations.

Natural-Language Policy Violations

Severity: Medium
Confidence: 97%
Finding:
The row flags an age group instead of articulating why kinetic typography may be unsuitable, such as motion sensitivity, readability burden, or cognitive load. In this skill context, that makes the issue more significant because the CSV serves as a design knowledge base and could steer generated output toward discriminatory assumptions.

Natural-Language Policy Violations

Severity: Medium
Confidence: 98%
Finding:
This row uses age-based exclusionary wording for RGB split effects instead of objective criteria such as visual strain, readability degradation, or accessibility sensitivity. Since the file informs production-grade frontend design choices, the biased phrasing can directly influence exclusionary product recommendations and undermine inclusive design practices.

Natural-Language Policy Violations

Severity: Low
Confidence: 90%
Finding:
Rows 28–30 contain malformed quoting and inconsistent field boundaries, which can cause CSV parsers to misalign columns or interpret data differently across libraries and locales. In a skill that likely uses this file as structured design-pattern input, that can break routing/selection logic, produce incorrect UI recommendations, or create downstream parsing faults.

VirusTotal

66/66 vendors flagged this skill as clean.
