Native UI

Security checks across malware telemetry and agentic risk

Overview

This is a documentation skill for Expo and React Native UI work, with disclosed mobile-app examples but no hidden execution or data-stealing behavior.

Safe to install for Expo/React Native UI work. Review generated diffs before accepting route deletions or large navigation rewrites, approve package installs/native builds deliberately, and only add camera, microphone, media-library, storage, or SecureStore code when the app feature clearly requires it. Prefer the ClawHub install path over an unpinned remote GitHub npx install.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The line instructs users to apply this skill for 'ANY 3D graphics, games, GPU compute, or Three.js features,' which is overly broad and can cause the agent to invoke this skill outside its validated scope. Over-broad routing increases the chance of irrelevant or lower-quality guidance being applied, which can mislead downstream code generation or suppress use of more appropriate specialized skills.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal