ClawHub
Back to skill

Security audit

Responsive Layout

Security checks across malware telemetry and agentic risk

Overview

This is a low-impact responsive layout guidance skill with broad triggers but no code execution, credentials, persistence, or hidden data access.

Install if you want responsive layout help. Be aware it may activate for broad frontend terms like layout, flex, or grid; review generated CSS before applying it, especially in production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation criteria are very broad and consist mainly of common frontend keywords without clear scope boundaries, exclusion cases, or intent checks. This can cause the skill to activate in contexts where the user only mentions these terms incidentally, leading to over-invocation and potentially irrelevant or unwanted guidance.

Natural-Language Policy Violations

Medium
Confidence
76% confidence
Finding
The skill content is written entirely in Chinese and does not indicate any language-selection behavior, which may cause the agent to respond in Chinese regardless of the user's language preference. This creates a usability and policy-alignment issue because the skill may override user expectations and reduce clarity in multilingual environments.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list in the frontmatter is broad and consists largely of common UI/CSS terms like 'layout', 'flex', 'grid', and responsive-design keywords. This can cause the skill to activate in unrelated conversations, increasing the chance that its guidance overrides more appropriate skills or injects unsolicited instructions into the agent workflow.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger scenarios describe common user phrases without clear constraints, disambiguation rules, or exclusion cases. In practice, this ambiguity can lead to unintended skill invocation during general frontend discussions, reducing routing accuracy and potentially causing the agent to follow an irrelevant procedural flow.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.