Back to skill

Security audit

web-front

Security checks across malware telemetry and agentic risk

Overview

This is mostly a disclosed static website generator, but it needs review because it includes irreversible project-deletion instructions and a checkout demo that asks for card details while making an unsupported encryption claim.

Install only if you are comfortable with a skill that writes and previews local HTML/JS and can manage generated project folders. Review the exact path before confirming delete or rename actions, and do not enter real payment-card information into the included checkout demo.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The manifest frames the skill as generating and previewing front-end pages, but the documentation expands its authority into broader site-management operations such as deletion and renaming. This scope mismatch is dangerous because users or orchestrators may grant trust and permissions appropriate for page generation while the skill also exposes filesystem-altering capabilities not clearly disclosed at the top level.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill includes destructive deletion of project directories even though its stated purpose is page generation and preview. Any capability that can recursively remove files is high risk because prompt confusion, ambiguous matching, or parameter manipulation could destroy user data under the managed directory.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
Project renaming goes beyond the narrowly described generation workflow and performs filesystem mutation on existing content. While less destructive than deletion, it can still break references, overwrite destinations, or be abused through ambiguous user intent if not tightly constrained.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases for management actions are broad conversational patterns like opening, modifying, or listing websites, which can overlap with ordinary discussion. In an agent setting, overbroad triggers can cause unintended file operations or browser launches from casual language rather than a deliberate command.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The learning triggers are vague, such as when the user says 'make it better' or when new trends are encountered, and they lead to persistent updates of local learning files. This is risky because benign feedback or loosely interpreted context could trigger unauthorized writes and long-term modification of stored resources.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill description says generated content is automatically saved to disk without prominently warning the user or requiring consent. Silent persistence can surprise users, create privacy issues, and leave unwanted files on the local system.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Automatically opening generated files in the system browser is a side effect that can launch external applications without explicit confirmation. Even for local HTML, auto-opening can be disruptive, leak activity context, or execute active content in the browser unexpectedly.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The workflow describes continuously updating local learning files as part of normal operation, but does not clearly warn users that stored resources will be modified over time. Persistent self-modification raises auditability and integrity concerns, especially when updates are triggered by ambiguous user feedback.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.