
Security audit

Element Plus UI Vue3

Security checks across malware telemetry and agentic risk

Overview

This is a documentation skill for Element Plus Vue 3 UI components, with some copy-paste examples that need normal frontend security caution.

Install only if you want Element Plus/Vue 3 documentation in your agent. Keep the user's requested language and UI library in control, and review copied examples that render HTML, upload files, fetch remote images, use CDNs, or run package-manager cleanup/install commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (1536)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The documentation exposes `element-loading-spinner` / `element-loading-svg` as sinks for raw HTML/SVG content, and the examples normalize passing markup strings into the UI. Even though the page later warns against using untrusted input, this is still a real script-injection/XSS risk because downstream users may bind attacker-controlled content into these props and have it rendered in the DOM.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The documentation explicitly demonstrates enabling `dangerouslyUseHTMLString` for MessageBox content, which creates a direct path to DOM-based or reflected XSS if copied into applications with untrusted input. Although the page includes a warning later, the example still normalizes an unsafe pattern and may be reused without proper sanitization.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The metadata description and trigger framing are broad enough to activate on general Vue 3 desktop UI work, not just clear Element Plus requests. In an agentic environment, over-broad routing can cause inappropriate skill selection, increase prompt-surface exposure, and let this skill influence tasks outside its intended scope.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The automatic invocation rules include ambiguous cases like general Vue 3 page development, Composition API usage, theming, i18n, and UI needs that are common across many frontend stacks. This can misroute unrelated work to the skill, creating unnecessary authority and context injection that may distort outputs or overshadow more appropriate skills.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The front-matter description uses an overly broad activation trigger: 'Invoke when user needs Container 布局容器 in Vue 3.x project.' Broad invocation criteria can cause the skill to activate outside narrowly intended contexts, increasing the chance that irrelevant or unreviewed instructions influence agent behavior. In an agent skill ecosystem, ambiguous routing metadata is a real security and safety issue because it expands the attack surface for prompt/tool misuse.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The frontmatter says to invoke this skill whenever the user needs Scrollbar in a Vue 3.x project, which is broader than a narrowly constrained trigger and can cause the agent to select this skill in contexts where it is not the best or safest fit. Overly broad routing increases the chance that unreviewed skill content influences unrelated tasks or overrides user preferences.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The metadata and linked documentation are explicitly Chinese-language oriented (e.g., zh-CN) without indicating that locale selection should follow user preference. In an agent setting, forcing a language/locale can degrade reliability, cause misunderstanding, and steer users into content they did not request.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The skill metadata explicitly points to a Chinese-language documentation URL and describes invocation for that resource without any indication of language negotiation or user preference handling. In an agent setting, this can steer users into a resource they may not understand, increasing the chance of misunderstanding code examples, configuration, or safety-relevant guidance.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The metadata explicitly directs use of a Chinese-language documentation resource without any indication that language should be selected based on user preference. In an agent skill, this can degrade safety and reliability by steering the model to inaccessible or misunderstood content, increasing the chance of incorrect implementation guidance for users who did not request Chinese-language materials.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The frontmatter and linked URL explicitly target the zh-CN locale and describe the skill as applicable when building Vue 3 pages with Element Plus, which can steer an agent to answer in Chinese or use a locale-specific resource without the user's consent. This is not code-execution dangerous, but it can override user preference, reduce usability, and increase prompt-control risk in agent settings.

Natural-Language Policy Violations

Medium
Confidence
87% confidence
Finding
The frontmatter description explicitly positions the skill as a Chinese-language Element Plus resource ('卡片', '桌面端组件') and points to a zh-CN URL, which can bias agent behavior toward a specific locale without checking the user's language preference. In an agent skill context, this can cause unwanted language switching, reduced usability, or incorrect assumptions about user intent, though it is not directly a code-execution issue.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The metadata explicitly constrains the skill to Chinese-language/Chinese-locale documentation ('桌面端组件', zh-CN URL, Chinese description) without stating that locale should be selected based on user preference. In an agent setting, this can steer outputs into a language the user did not request, reducing reliability and potentially causing misunderstandings, but it is not directly a code-execution or data-exfiltration issue.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The frontmatter description explicitly constrains usage to Chinese-language Element Plus/Vue3 context ('桌面端组件', 'Invoke when user needs Empty 空状态'), which can steer an agent into a specific locale without confirming user preference. This is not directly exploitable like code execution, but it can bias assistant behavior, reduce user autonomy, and contribute to prompt-routing errors in multilingual environments.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The custom toolbar example includes a download() helper that performs fetch(url) against remote image URLs and then triggers a browser download, but the documentation does not warn that using the example causes network access to third-party hosts. In an agent skill context, examples are often copied verbatim into projects, so this can silently introduce external requests, data disclosure via Referer/IP, and unreviewed client-side download behavior.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The metadata and URL explicitly steer the skill toward Chinese-language Element Plus documentation without any user opt-in. This can override user locale expectations and may cause an agent to preferentially respond in or source from a language the user did not request, which is a form of prompt/behavior steering.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The front-matter description explicitly frames the skill for the Chinese Element Plus documentation and a Vue 3 project context without indicating any language fallback or user choice. This can bias an agent toward responding in Chinese or using locale-specific docs when the user did not opt in, which is a prompt-safety and usability issue rather than a direct code-execution risk.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The frontmatter explicitly directs use of a Chinese-language documentation URL and description without any indication that language should follow user preference. In an agent skill, hard-coding a non-user-selected language can mislead the agent into producing inaccessible or unexpected output, which is a prompt-quality and user-alignment weakness rather than code execution.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The frontmatter and linked URL explicitly position this skill as Chinese-language/zh-CN content for Element Plus, which can steer agent output into a fixed locale without checking the user's preference. This is not code-execution dangerous, but it can cause incorrect or policy-noncompliant behavior in multilingual contexts by overriding user intent or reducing accessibility.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill manifest description is broad enough to match generic requests about 'messages' in Vue 3 projects, which can cause the agent to invoke this skill outside a narrowly intended scope. Over-broad routing increases attack surface by making documentation content and examples available in unrelated contexts, including contexts where unsafe patterns like HTML rendering could be suggested.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The front-matter description says to invoke when a user 'needs Notification 通知 in Vue 3.x project,' which is broad enough to trigger on generic notification-related requests rather than specifically Element Plus component usage. Over-broad routing can cause the wrong skill to activate and inject library-specific guidance into unrelated tasks, increasing the chance of unsafe or irrelevant actions.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill metadata and URL are hard-wired to the Chinese-language documentation without indicating user preference or fallback behavior. That can misroute users into a locale they did not request, causing misunderstanding of security warnings and implementation details.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The front-matter description uses broad invocation language ('Invoke when user needs Popconfirm... in Vue 3.x project'), which can cause the skill to be selected for ordinary UI requests without strong narrowing conditions. Over-broad routing increases the chance that unrelated or lower-trust content is injected into agent context, which is a real prompt-scope security issue even though this specific file is otherwise documentation-like.

Natural-Language Policy Violations

Low
Confidence
88% confidence
Finding
The metadata points to a Chinese-language page and describes the skill in Chinese-oriented terms without indicating locale negotiation or user preference handling. This can cause forced locale behavior, which may degrade user control and increase the chance of misunderstanding or unsafe copy-paste when the user's requested language differs.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The metadata description explicitly states the skill is for the Chinese Element Plus desktop component library and points to a zh-CN documentation URL, which can steer an agent toward responding in Chinese or using a specific locale without explicit user preference. This is not code execution risk, but it can degrade user alignment and cause unintended language or regional behavior in downstream agent use.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The password-mask example visually hides the OTP input but still renders the bound OTP value in plaintext (`Value: {{ otp }}`), which normalizes exposing one-time codes in UI/debug output. In real applications, this can leak authentication secrets to shoulder-surfers, screen recordings, logs, or copied screenshots, undermining the purpose of masking.

VirusTotal

64/64 vendors flagged this skill as clean.
