Web Presentation Pattern Selector

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a purpose-aligned web presentation design helper, with only a low-risk disclosed workspace documentation write noted.

Install only if you are comfortable with the agent creating a project documentation file. Review the target path and generated markdown before accepting the change, especially in repositories where unplanned file changes matter.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 95% confidence
Finding: The skill explicitly instructs the agent to write `web-presentation-design.md` into the project root or docs folder, but it does not require prior user confirmation or clearly warn that it will modify the workspace. In an analysis/design skill this is a real but low-severity safety issue because unexpected file creation can alter repositories, dirty working trees, or overwrite intended workflows even if the content is non-executable.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal