React Advanced

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only React and Next.js guidance skill with no executable code or hidden system access.

Reasonable to install if you want advanced React and Next.js help. Review generated code before applying it to production, especially examples involving Server Actions or database writes, and specify your preferred language if you do not want Chinese responses.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The activation guidance is broad enough to trigger on many ordinary React questions without clear exclusion criteria or routing boundaries. In an agent environment, this can cause the skill to activate unintentionally, override more appropriate skills, and produce irrelevant or overly specialized guidance, which increases the chance of unsafe or misleading assistance through misrouting rather than direct code execution.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal