Back to skill

Security audit

Cuihua A11y Checker

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local accessibility checker; its auto-fix examples need caution, but the included script only reads project files and reports issues.

Install if you want local accessibility scanning and agent-assisted repair suggestions. Point it at specific source folders, review any proposed or applied code changes as diffs, and run normal tests before committing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill advertises 'Auto-fix' behavior but does not clearly warn users that project files may be modified. In an agentic environment, this can lead to unexpected code changes, accidental overwrites, or broad edits applied without informed consent, especially if the user intended analysis only.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The example states 'Updated: styles.css' as if the skill directly changed a project file, but it provides no accompanying warning, confirmation step, or mention of safe review. This normalizes silent file modification behavior and could cause users to permit destructive or unintended edits without understanding that the agent writes to disk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.