Frontend UI Pipeline

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only frontend planning skill with disclosed, limited project-documentation writes and no executable install-time behavior.

Installers should expect this skill to guide frontend planning and, during implementation work, to create or update DESIGN.md in the project or feature root. Review proposed file changes in repositories with strict documentation or change-control requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding
The guidance explicitly states that pairing with `frontend-design` can result in created or modified files, which expands this skill from planning into implementation behavior. That mismatch is dangerous because it can lead an orchestrator or user to authorize file-writing actions they did not expect from a planning-focused skill, increasing the chance of unintended workspace modification.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
The 'Full delivery loop' describes end-to-end output including implemented UI and `DESIGN.md`, which materially broadens the advertised capability beyond planning into execution. In skill-chaining environments, this can cause over-privileged routing and user misunderstanding about what actions may occur, making unintended code or file changes more likely.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The README explicitly says the skill will create or update `DESIGN.md` when frontend files are created or modified, but it does not warn that using the skill may change project files or require user confirmation. In an agentic environment, undocumented write behavior can lead to unintended file modifications, overwrite of existing design records, or surprising persistence of generated content, especially if users expect planning-only behavior from a README-described workflow skill.

Missing User Warnings

Severity: Low
Confidence: 91%
Finding
The README states that the skill will create or update `DESIGN.md`, which implies a filesystem write, but it does not clearly tell the user up front that running the skill may modify project files. In an agent setting, undocumented writes can violate user expectations and lead to unintended repository changes, especially if the skill is invoked for planning or review rather than editing.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding
This section mentions creating or modifying files as an output but provides no warning that project files may change. While not inherently malicious, the lack of disclosure reduces informed consent and can surprise users in environments where planning skills are assumed to be non-mutating.

Missing User Warnings

Severity: Low
Confidence: 87%
Finding
The full workflow lists implemented UI output and `DESIGN.md` generation without any warning about write-side effects. In context, this makes the skill more dangerous because it is presented as a smooth workflow progression, which may normalize file modifications without explicit consent or visibility.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The activation text is broad enough to match many ordinary requests for dashboards, analytics, workspaces, or team tools, which can cause the wrong skill to trigger in unrelated contexts. Over-broad routing increases the chance that downstream instructions are applied when they are not appropriate, leading to confused task handling or an accidental expansion of the prompt/instruction injection surface.

VirusTotal

56/56 vendors flagged this skill as clean.