Back to skill

Security audit

State Architecture

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only React state-management guidance skill with no executable code, credential access, persistence, or hidden behavior.

Safe to install as a frontend state-architecture helper. Review generated code before applying it to production, and consider narrowing invocation if you do not want it to trigger on broad state-management discussions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger guidance is broad enough to activate on common, loosely related user requests such as general questions about state management or messy stores. In an agentic system, overbroad activation can cause the skill to run outside its intended scope, increasing the chance of irrelevant guidance, policy bypass chains, or unintended interaction with other skills.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.