UI/UX Design and Development

Security checks across malware telemetry and agentic risk

Overview

This UI design skill is useful, but its setup script can make persistent privileged Nginx and system-directory changes that are broader than a design workflow needs.

Install only if you intentionally want a UI design skill that can configure a system Nginx site. Prefer running it in a disposable or isolated environment, review setup.sh before any sudo use, choose a non-sensitive serve directory and port, and verify what files are served or zipped before sharing exports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93%
Finding
The skill directs the agent to execute shell commands such as setup, screenshot capture, image conversion, and zipping, but no permissions are declared to constrain or make those capabilities explicit. This creates a trust and governance gap: a user invoking what appears to be a UI-design skill can trigger local command execution and file operations without clear authorization boundaries.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97%
Finding
The documented behavior materially exceeds the advertised purpose: beyond generating frontend mockups, it performs image processing, screenshots via a browser, and according to the finding, web-server and privileged system configuration changes including sudo and Nginx reloads. A skill with broad natural-language triggers and hidden operational side effects can be abused to modify host configuration or perform sensitive local actions under the guise of normal design work.

Description-Behavior Mismatch

Medium
Confidence
95%
Finding
The script goes beyond generating UI files and modifies the host's system-wide Nginx configuration, enabling a site and reloading the service. In a skill whose purpose is UI prototyping, this expands the trust boundary significantly and can disrupt existing web server configuration or expose generated content on the network.

Context-Inappropriate Capability

High
Confidence
97%
Finding
The script performs privileged filesystem operations and later writes into /etc/nginx and reloads a system service via sudo, giving the skill effective system-administration capability. For a UI design skill, this is unnecessarily powerful and dangerous because compromise or misuse would affect the host, not just the generated artifacts.

Vague Triggers

Medium
Confidence
88%
Finding
The trigger phrases are extremely broad, covering common requests like design, create, build, update, and prototype, which increases the chance this skill is auto-selected for many unrelated frontend or content tasks. Because the skill can invoke shell-driven workflows and potentially hosting/setup actions, overbroad activation expands the attack surface and raises the likelihood of unintended execution.

Missing User Warnings

Medium
Confidence
93%
Finding
The script starts making privileged changes early by creating and re-owning a served directory, and the overall flow includes silent system configuration changes without a clear warning to the operator. Hidden side effects increase the chance that a user runs the script without understanding it will alter web server state and expose content over HTTP.

VirusTotal

66/66 vendors flagged this skill as clean.