UI / UX

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent UI/UX design helper with optional local markdown saving (--persist), but its path options (--output-dir and the project and page names that become file paths) need care.

Install this if you want a local UI/UX reference and design-system generator. Use --persist only when you intend to create design-system markdown files, keep --output-dir inside your project, and avoid project or page names containing slashes, dot-dot paths, or other path-like text.
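The guidance above amounts to a containment check: allow-list the names and verify that the resolved write path stays under the project. The following is an added example, not code from the skill or its scripts/search.py; the function names and the design-system/<project>/<page>.md layout are assumptions (the directory name follows the `design-system/` files the findings mention).

```python
import re
from pathlib import Path

# Hypothetical helpers: the skill's real scripts/search.py is not shown on this
# page. The rules mirror the guidance above: keep --output-dir inside the
# project and keep project/page names free of slashes and dot-dot.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def validate_name(name: str) -> str:
    """Allow-list a project or page name; reject anything path-like."""
    if not SAFE_NAME.fullmatch(name) or ".." in name:
        raise ValueError(f"unsafe project/page name: {name!r}")
    return name


def _contained(base: Path, candidate: Path) -> bool:
    """True when candidate is base itself or lies under it (both resolved)."""
    return candidate == base or base in candidate.parents


def resolve_output_dir(project_root: str, output_dir: str) -> Path:
    """Resolve --output-dir against the project root and refuse escapes.

    An absolute output_dir replaces root in the join, and resolve() follows
    symlinks, so both '/etc' and an existing symlink to outside are rejected.
    """
    root = Path(project_root).resolve()
    target = (root / output_dir).resolve()
    if not _contained(root, target):
        raise ValueError(f"--output-dir {output_dir!r} escapes project root {root}")
    return target


def design_system_path(project_root: str, output_dir: str, project: str, page: str) -> Path:
    """Path that --persist would write for this project/page, or ValueError."""
    base = resolve_output_dir(project_root, output_dir)
    path = base / "design-system" / validate_name(project) / f"{validate_name(page)}.md"
    if not _contained(base, path.resolve()):  # defence in depth after the name checks
        raise ValueError(f"refusing to write outside {base}: {path}")
    return path


def is_safe_request(project_root: str, output_dir: str, project: str, page: str) -> bool:
    """Boolean wrapper for policy checks: False means the write must be refused."""
    try:
        design_system_path(project_root, output_dir, project, page)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(design_system_path("/tmp/proj", "docs", "shop", "checkout"))
    print(is_safe_request("/tmp/proj", "../outside", "shop", "checkout"))
    print(is_safe_request("/tmp/proj", "docs", "../../etc", "passwd"))
```

The name allow-list alone is not enough: `--output-dir` is joined before it is checked, so a relative `../outside`, an absolute `/etc` and a symlinked directory all have to be caught by the resolved-path containment test, which is why both checks are kept.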

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87%
Finding
The skill instructs the agent to read and write local files via `scripts/search.py` and `--persist`, but the metadata declares no permissions. This creates a transparency and policy-enforcement gap: users or hosting systems may assume the skill is read-only when it can create `design-system/` files and page overrides on disk.

Tp4

High
Category
MCP Tool Poisoning
Confidence
79%
Finding
The documented behavior extends beyond a simple searchable design database into filesystem persistence, project structure creation, and broader implementation-guidance searches. When behavior exceeds the declared purpose, users and automated policy systems cannot accurately assess risk, which can lead to unintended file modifications or over-broad execution in environments that would otherwise restrict the skill.

Vague Triggers

Medium
Confidence
74%
Finding
The activation guidance says to use the workflow for broad requests such as design, build, create, implement, review, fix, and improve, which can cause the skill to trigger on very generic UI-related tasks. Over-broad invocation increases the chance that the agent runs CLI searches or persistence steps unnecessarily, exposing local project context and causing unintended side effects.

Natural-Language Policy Violations

Medium
Confidence
96%
Finding
The CSV rows around lines 28–31 contain malformed quoting, including stray or unterminated double quotes, which can break standard CSV parsing. In a skill that relies on structured design data, this can cause row shifting, field misalignment, dropped records, or incorrect data being surfaced to downstream tooling, and in some parsers may contaminate subsequent rows until the next quote is balanced.
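To see the failure mode this finding describes, and to catch it before the data reaches the agent, here is an added example that is not the skill's own data or code. The CSV is constructed: line 3 opens a double quote it never closes. Python's default (lenient) csv reader then swallows the following records into one field, and the audit reports both the stray quote and the merged rows.

```python
import csv
import io

# Constructed sample (not from the skill's data): line 3 opens a quote it never
# closes, mimicking the malformed quoting the finding describes.
SAMPLE_CSV = (
    "component,category,guidance\n"
    'Button,Actions,"Use a single primary action per view"\n'
    'Modal,Overlays,"Trap focus; close on Escape\n'
    "Tooltip,Overlays,Keep under 80 characters\n"
    'Card,Layout,"Group related content"\n'
)


def parse_rows(text: str) -> list[list[str]]:
    """Parse with the default (lenient) csv dialect, as most tooling does."""
    return list(csv.reader(io.StringIO(text)))


def audit_csv(text: str) -> list[str]:
    """Return human-readable problems; an empty list means the file is sane.

    The design database is one record per line, so a field that spans lines
    or a line with an odd number of quote characters is treated as an error.
    """
    problems: list[str] = []
    lines = text.splitlines()

    # Check 1: a stray or unterminated quote leaves an odd quote count on its line.
    for lineno, line in enumerate(lines, start=1):
        if line.count('"') % 2:
            problems.append(
                f"line {lineno}: odd number of double quotes (stray or unterminated quote)"
            )

    # Check 2: a lenient parse should yield exactly one record per non-blank line.
    rows = parse_rows(text)
    data_lines = sum(1 for line in lines if line.strip())
    if len(rows) != data_lines:
        problems.append(
            f"parsed {len(rows)} rows from {data_lines} lines: records were merged or dropped"
        )

    # Check 3: every row has the header's width and no field spans lines.
    width = len(rows[0]) if rows else 0
    for rowno, row in enumerate(rows, start=1):
        if any("\n" in field for field in row):
            problems.append(
                f"row {rowno}: field spans multiple lines (quote swallowed following records)"
            )
        if len(row) != width:
            problems.append(f"row {rowno}: {len(row)} fields, expected {width}")
    return problems


if __name__ == "__main__":
    for row in parse_rows(SAMPLE_CSV):
        print(row)
    for problem in audit_csv(SAMPLE_CSV):
        print("PROBLEM:", problem)
```

Passing `strict=True` to `csv.reader` makes the parser raise `csv.Error` instead of silently continuing, but it reports the line where the quote was finally rebalanced rather than where it was opened, which is why the per-line quote parity check is kept as the first test.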

Vague Triggers

Medium
Confidence
92%
Finding
The frontmatter description contains extremely broad action, project, element, style, and topic keywords, making the skill eligible for invocation across a wide range of ordinary UI/code-editing requests. This can cause unintended activation, over-collection of user context, and inappropriate influence on tasks outside the skill's intended scope, which is a real security and safety boundary issue for agentic tooling.

VirusTotal

0/66 vendors flagged this skill; all 66 reported it clean.