Security audit

MindStudio Interface Designer Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed MindStudio UI-building helper with no hidden execution or unrelated data access, though chat-style interfaces should minimize any conversation history they submit.

Reasonable to install for MindStudio Interface Designer work. Before using generated chat or upload interfaces in production, confirm exactly which workflow variables are submitted, avoid sending secrets or unnecessary history, and review generated React code before deploying it into a live workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The example explicitly instructs implementers to collect and submit `conversation_history` as a JSON-serialized string, but provides no warning about minimization, consent, retention, or sensitive-data handling. In a UI skill meant to be reused for production interfaces, this normalizes sending potentially sensitive prior messages downstream, which can expose personal, confidential, or regulated data to workflows or logs without clear user awareness.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal