Shadcn Ui

Security checks across malware telemetry and agentic risk

Overview

This is a text-only shadcn/ui frontend guidance skill with no hidden sensitive access or destructive behavior found.

Install if you want shadcn/ui implementation help. Be aware that it may activate on some generic UI terms, and review any suggested `npx` or `npm` command before running it in a project.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list contains several generic phrases such as "component library," "UI components," "dialog," "sheet," and "toast" that are not specific to shadcn/ui. In an agent-routing system, these broad triggers can cause the skill to activate for unrelated frontend requests, leading to overbroad scope capture, misrouting, and inappropriate code generation or guidance outside the intended domain.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal