React Expert

Security checks across malware telemetry and agentic risk

Overview

This is a React coding guidance skill with broad activation terms but no hidden execution, credential access, or data exfiltration behavior.

This appears safe to install as a React helper. Be aware it may activate on broad frontend wording, and review any generated application code involving browser storage, API calls, database writes, or server actions before using it in production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list includes several very broad terms such as 'component', 'frontend', 'hooks', and generic React keywords that are likely to appear in many unrelated requests. This can cause the skill to activate outside its intended scope, increasing the chance of inappropriate guidance being injected into conversations or overshadowing a more suitable skill.

VirusTotal

65/65 vendors flagged this skill as clean.
