Antfu Web Design Guidelines

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended for UI review, but it should be reviewed because it can automatically pull mutable remote guidance into broad review workflows.

Install only if you are comfortable with the skill consulting live external guidance during reviews. Treat the fetched content as reference material, not authority to expand scope, edit files, or override agent safety rules; avoid using it on sensitive or confidential interfaces unless you have checked the remote source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding: The skill advertises broad trigger phrases such as "review my UI," "review UX," and "check my site against best practices," which can match many ordinary user requests and cause the skill to activate unexpectedly. Because the skill then fetches remote instructions before performing analysis, over-broad activation increases the chance that untrusted external guidance is pulled into unrelated workflows.

Missing User Warnings

Medium
Confidence: 97%
Finding: The skill instructs the agent to fetch fresh rules from a remote URL before every review, but it does not warn the user that analysis behavior depends on mutable external content. This creates a supply-chain style risk where the remote document can change to include unsafe, manipulative, or scope-altering instructions, and the lack of disclosure makes unintended execution more likely.

VirusTotal

63/63 vendors flagged this skill as clean.
