ClawHub

Talk2UI

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed SwiftUI coding helper with local personalization and preview guidance, but users should keep control over any saved preferences, file edits, or script execution.

Install only if you want a SwiftUI assistant that can remember local design preferences. Review `.agent/memory/user-preferences.md` and any custom cheat-sheet entries periodically, and approve file edits, helper scripts, Xcode automation, or profiling commands only when you specifically requested them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill broadens its scope from translating colloquial UI requests into SwiftUI code to remembering users and managing persistent preferences. That adds cross-session data handling unrelated to the declared purpose, increasing privacy and data-governance risk if the agent stores user-specific information without strong consent and boundaries.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The documentation expands the skill into file-writing and automated Xcode/AppleScript preview workflows, which are materially more powerful than simple code generation. Tool automation that opens apps, modifies files, or drives UI can cause unintended side effects and creates a larger attack surface if triggered by adversarial or ambiguous prompts.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Reading persistent user-preference files before every task is not necessary for a SwiftUI translation skill and creates an unjustified dependency on stored user data. This can expose prior-session information, lead to silent personalization, and make the agent behave based on stale or sensitive data the user did not expect to be reused.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill instructs the agent to write learned expressions and session-derived preferences into local files, creating persistent storage of user-originated content unrelated to the core function of generating UI code. This can capture personal habits or sensitive phrasing across sessions and may contaminate shared resources such as a cheat sheet used beyond the current user.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Automating Xcode via shell script and AppleScript grants the skill the ability to control local tools and potentially modify the developer environment, which exceeds the need to translate UI descriptions into code. Such automation can be abused to open files, trigger actions, or interfere with the workspace when prompt content is adversarial or the target path is unsafe.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Documenting use of `xcrun xctrace` introduces process execution and runtime attachment capabilities that are not required for the skill's main purpose. While useful for performance analysis, it expands operational privileges and can interact with local processes in ways users may not expect from a code-generation skill.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill reads and uses stored user preferences without a clear privacy notice or retention disclosure. Hidden persistence undermines informed consent and may surprise users who expect a simple UI code assistant rather than cross-session profiling.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Recording the user's original phrasing to a file without a clear warning creates a transparency and privacy problem. User language can contain identifying preferences, internal terminology, or sensitive context, and storing it silently is unjustified here.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Persisting session-derived preferences at session end without a strong warning about retention and reuse creates covert statefulness. Even with a confirmation prompt, the storage purpose, scope, and lifecycle are not clearly bounded, which is risky in a skill not primarily designed for user profiling.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Automatic file writing and Xcode preview automation are described without clear warnings that local files may be modified and tools controlled. Users may not realize that accepting help with code generation could trigger workspace changes or GUI automation, which is a meaningful security and integrity risk.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs reuse of stored user preferences across sessions, creating persistent state tied to user behavior. In the context of a UI code-generation skill, that persistence is not essential and increases privacy risk, especially if users are unaware of what is retained.

Ssd 3

Medium
Confidence
97% confidence
Finding
The learning flow saves user-originated phrasing and mappings into a cheat sheet, which risks storing user-specific or sensitive terminology in persistent or even shared documentation. This creates a data-leakage path and could taint future outputs for other users if the cheat sheet is reused broadly.

Ssd 3

Medium
Confidence
97% confidence
Finding
The workflow proactively extracts preferences and asks to make them defaults, establishing cross-session behavioral profiling. For a SwiftUI colloquial-programming skill, this is unnecessary persistence that can accumulate a detailed preference profile over time.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal