NextJS Frontend Development + Integration

Security checks across malware telemetry and agentic risk

Overview

This frontend-development skill is mostly coherent, but it gives the agent broad local process, system-package, and live-preview authority that users should review before installing.

Install only if you are comfortable with a frontend skill that can manage local dev servers and may suggest sudo-based preview setup. Keep previews localhost-only by default, review any Nginx or sudo command before allowing it, avoid unscoped kill/delete-all PM2 commands, and do not use real credentials in generated .env.local files unless you are sure they will not be committed, zipped, screenshotted, or shared.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium, 88% confidence
Finding
The skill includes PM2 process management, persistent service behavior, and nginx-based exposure steps that go beyond code generation into host administration. These instructions can modify the runtime environment, create persistent processes, and expose services on the network, increasing operational and security risk if invoked automatically or by an over-privileged agent.

Context-Inappropriate Capability

High, 96% confidence
Finding
The skill directs `sudo apt-get install` for Chromium and nginx, introducing privileged package installation unrelated to the minimum needed for frontend scaffolding. Encouraging root-level package changes from a development skill raises the risk of unintended host modification, privilege misuse, and system compromise if the guidance is followed by an automated agent.

Context-Inappropriate Capability

Medium, 90% confidence
Finding
The troubleshooting section recommends destructive process and port-management actions such as deleting PM2 processes, killing listeners, and deleting all PM2 jobs. These actions can disrupt unrelated applications and services on the host, especially in shared or multi-project environments.

Vague Triggers

Medium, 86% confidence
Finding
The trigger criteria are broad enough to activate on many generic software-development requests, which can cause this skill to run outside its intended scope. In an agent environment, overbroad routing increases the chance of unintended code generation, dependency installation, or project scaffolding actions being applied when a different, narrower skill would be safer or more appropriate.

Missing User Warnings

Medium, 91% confidence
Finding
The skill instructs exposing a local development server through nginx on an external port, but it does not clearly warn about privacy, firewall, authentication, or unintended network accessibility risks. In context, this is more dangerous because the skill is framed as routine UI generation, so users may not realize they are being guided to publish a live service.

Missing User Warnings

Medium, 89% confidence
Finding
The instructions create `.env.local` entries containing secrets such as database URLs and auth secrets without emphasizing secure secret handling. That omission can lead users or automated agents to hardcode real credentials, mishandle them in logs, screenshots, archives, or version control, and leak sensitive data.

Missing User Warnings

Low, 95% confidence
Finding
The script causes headless Chromium to make outbound requests to any user-supplied URL, creating an undisclosed network access primitive. In an agent or automated environment, this can be abused for SSRF-style access to internal services, metadata endpoints, or other restricted network locations, and the use of --no-sandbox increases the risk if hostile content is rendered.

VirusTotal

59/59 vendors flagged this skill as clean.
