Frontend Design Deslop

Security checks across malware telemetry and agentic risk

Overview

This skill is a frontend design workflow that writes design guidance and UI changes, with no evidence of hidden exfiltration, destructive behavior, or deceptive instructions.

Install this if you want an opinionated frontend design workflow that may ask structured clarification questions, use web research for visual references, and create or update DESIGN.md plus UI files. Review the resulting edits as you would any design-system change, especially if you only wanted a small frontend tweak.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 95%
Finding
The skill’s trigger conditions are extremely broad, including generic requests like building or styling any frontend or simply 'build a UI for X'. That can cause the skill to activate in many contexts where the user did not explicitly request this behavior, creating prompt-scope creep and increasing the chance the agent follows this skill’s prescriptive workflow instead of the user’s narrower intent.

Natural-Language Policy Violations

Medium
Confidence: 97%
Finding
The skill mandates a single interaction mode by requiring every user question to go through AskUserQuestion with no fallback. This can override normal agent-user interaction expectations, create unnecessary tool dependence, and pressure the system into collecting structured responses even when plain-text clarification or no question at all would be more appropriate.

VirusTotal

65/65 vendors flagged this skill as clean.