UI Design

Security checks across malware telemetry and agentic risk

Overview

This is a UI design guidance skill with broad activation language, but it does not show hidden execution, data access, persistence, or harmful behavior.

Install this if you want general UI design advice injected into frontend tasks. If you prefer tight control over when extra design guidance appears, consider narrowing its triggers locally, but there is no artifact-backed evidence of malicious behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The description says to use this skill when building 'any web interface,' which is broad enough to trigger the skill in many unrelated frontend tasks. That can cause unintended activation, over-application of design guidance, and possible interference with more specialized or security-relevant skills, though it does not directly enable code execution or data exfiltration.

Vague Triggers

Medium
Confidence: 90%
Finding
The keyword list includes many generic frontend and design terms without constraints, increasing the chance the orchestrator invokes this skill for broad web-development work rather than targeted UI design tasks. In context, this is a scope/activation quality issue rather than a malicious prompt-injection attempt, but it can still degrade agent behavior and task routing.

VirusTotal

65/65 vendors flagged this skill as clean.
