Security audit

uView UI

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only uView UI skill with some risky example code and privacy-unfriendly reference content, but I did not find hidden execution, credential theft, persistence, or malicious behavior.

Install only if you want uView UI Vue 2 / uni-app documentation injected into your agent. Treat the included examples as reference material: review upload endpoints, auth headers, clipboard behavior, dev-server settings, and verification-code handling before using them, and avoid rendering or redistributing the donor ledger content unless you are comfortable with that privacy exposure.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
YARA SignaturesMalware Match, Webshell Match, Cryptominer Match
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (227)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: An introduction document for a UI library contains unrelated donation content and a donor ledger, which broadens the skill’s data exposure beyond its stated purpose. Even if intended as community recognition, embedding identity/payment-adjacent information in skill documentation creates unnecessary privacy risk and increases the chance that downstream consumers ingest or surface personal data unintentionally.

Context-Inappropriate Capability

High

Confidence: 97% confidence
Finding: The file exposes unjustified donor information including names, avatars, donation amounts, dates, payment platforms, and messages, none of which are necessary for a UI component library skill. This creates a privacy and data-minimization violation, and the information could be harvested for profiling, phishing, social engineering, or correlation with external payment identities.

Intent-Code Divergence

Medium

Confidence: 97% confidence
Finding: The document explicitly warns not to use an array index as the Vue key for swipe-delete lists because deletion can cause item/state mismatches, then later demonstrates `:key="index"` in a `v-for` on `u-swipe-action-item`. In an interactive delete/swipe UI, unstable keys can cause the wrong row to remain open, callbacks to apply to the wrong item, or the wrong record to be deleted after list mutation.

Description-Behavior Mismatch

Medium

Confidence: 91% confidence
Finding: The documentation for a UI component includes runnable example code that performs a real network upload, which goes beyond demonstrating presentation behavior and can lead developers to copy code that exfiltrates user-selected files. In a component-library reference, embedding active upload logic without strong scoping or safety guidance increases the chance of unintended data transfer in downstream apps.

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: The sample hardcodes an internal IP upload target, encouraging direct transmission of selected files to a specific host with no explanation of trust boundaries, authentication, or environment constraints. Developers may unknowingly reuse this snippet, causing accidental uploads to unintended infrastructure or normalizing unsafe hardcoded endpoints in production code.

Context-Inappropriate Capability

Medium

Confidence: 98% confidence
Finding: The documentation explicitly advises setting webpack-dev-server `disableHostCheck: true` to support intranet tunneling. Disabling host header validation weakens a built-in safety control and can expose developers to DNS rebinding or unintended remote access during local development, especially if the dev server is reachable beyond the local machine.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The auto-invocation conditions are broad enough to trigger on generic mobile UI work such as forms, buttons, modals, navigation, and utility usage, even when the user did not ask for the uView UI library specifically. This can cause inappropriate skill activation, steering responses toward a specific framework and its APIs in unrelated contexts, which is a form of scope hijacking and can degrade correctness or mislead downstream code generation.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger description is overly broad because it activates on a generic user need ('加群交流') rather than a narrowly scoped development task. In an agent environment, ambiguous activation can cause the skill to be invoked outside its intended context and steer users toward external community links, increasing the chance of unwanted redirection or social-engineering exposure.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill description says to invoke when the user needs built-in styles in a uni-app Vue 2.x project, which is relatively broad and lacks tighter routing constraints. Overly broad invocation conditions can cause the wrong skill to be selected in adjacent contexts, increasing the chance of irrelevant guidance or unintended tool usage, though this file itself does not contain direct exploit logic.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The invocation description is overly broad because it triggers on a generic user need for 'resources' in a uni-app Vue 2.x project, rather than a narrowly scoped task. Broad matching can cause the skill to activate for ordinary development requests and unnecessarily expose users to external download links and unrelated content, increasing the chance of misrouting or unsafe resource retrieval.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The documentation example logs the current verification code value and the completed code directly to the console. Verification codes are sensitive authentication data; logging them can expose secrets to local debugging tools, shared device logs, remote log collectors, or screen captures, which increases the risk of account takeover if the code is still valid.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The description says to invoke the skill when the user 'needs Empty 内容为空,' which is a broad, common UI need rather than a precise activation boundary. In an agentic system, underspecified triggers can cause inappropriate or overly eager invocation, leading to wrong-tool selection and reduced user control, though this file does not introduce direct code-execution or data-exfiltration risk.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The documentation states that, on mini-program platforms, clicking external links will automatically copy the link. Clipboard writes are a user-data-affecting action that can surprise users and may be abused for deceptive flows, phishing assistance, or unwanted clipboard replacement, especially when the behavior is enabled by default (`copyLink` defaults to true). In this UI component context, the risk is real because developers may adopt the default behavior without adding disclosure or consent UX.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The invocation text says to invoke when the user needs Alert in a uni-app Vue 2.x project, which is a broad trigger that can cause the agent to select this skill in loosely related situations. Overbroad routing increases the chance of unnecessary context injection and inappropriate tool use, especially in automated skill-selection pipelines.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The description says to invoke the skill whenever the user needs NumberBox in a uni-app Vue 2.x project, which is a relatively broad trigger without explicit limits on when this specific reference should be selected over other UI guidance. Overbroad routing can cause the agent to invoke this skill in loosely related contexts, increasing the chance of irrelevant guidance, prompt-scope confusion, or unintended exposure to untrusted embedded content from the skill corpus.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The upload example sends user-selected files to a remote server but provides no warning about privacy, consent, retention, or the fact that local media leaves the device. Because this appears in developer documentation, it can be copied into applications without appropriate user notice or safeguards, creating privacy and compliance risk.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The invocation text is overly broad: it says to invoke whenever a user needs a custom style guide in a uni-app Vue 2.x project, without tighter constraints on when this specific reference is actually appropriate. Broad activation conditions can cause the agent to select this skill unnecessarily, increasing the chance of irrelevant or unsafe behavior, especially since the referenced page is a missing/404 page and may mislead downstream handling.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The example interceptor automatically copies a Vuex token into request headers whenever a custom auth flag is set, but it provides no guidance on secure token storage, origin restrictions, or accidental leakage to unintended endpoints. In skill context this is more dangerous because it is copy-pastable framework guidance, so developers may reuse it broadly and unintentionally send credentials to the wrong baseURL, third-party services, or insecure environments.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The invocation description is overly broad ('Invoke when user needs 对象操作 in uni-app Vue 2.x project'), which can cause the agent to select this skill in loosely related contexts without strong constraints. While this file is only documentation for object helpers and does not contain direct prompt-injection text or code execution paths, broad routing increases the chance of inappropriate skill activation and unintended influence on agent behavior.

YARA rule 'agent_skill_mcp_tool_poisoning_metadata': MCP/tool metadata poisoning indicators in tool schemas or skill manifests [agent_skills]

High

Category: YARA Match
Content: **注意：** `defaultIndex`数组的长度，必须与列数相同，否则无效。 1. 单列模式如设置`defaultIndex`为`[1]`表示默认选中第2个(从0开始)，`[5]`表示选中第6个。
Confidence: 80% confidence
Finding: description=; description =; description =; description:; description =; description:; iVBORw0KGgoAAAANSUhEUgAAACgAAAAOCAYAAABdC15GAAAACXBIWXMAABYlAAAWJQFJUiTwAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAA

YARA rule 'agent_skill_mcp_tool_poisoning_metadata': MCP/tool metadata poisoning indicators in tool schemas or skill manifests [agent_skills]

High

Category: YARA Match
Content: --- name: "tabs" description: "Tabs 标签 -- uView UI uni-app Vue2 组件/工具。Invoke when user needs Tabs 标签 in uni-app Vue 2.x project." url: "https://www.uviewui.com/components/tabs.html" ---
Confidence: 80% confidence
Finding: description:; iVBORw0KGgoAAAANSUhEUgAAACgAAAAOCAYAAABdC15GAAAACXBIWXMAABYlAAAWJQFJUiTwAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAFxSURBVHgBzZNRTsJAEIb/WTW+lpiY+FZPIDew3ABP4GJ8hxsI9zBpOYHeQDwBPQI+mRiRvp

External Transmission

Medium

Category: Data Exfiltration
Content: | | --- | --- | --- | --- | --- | --- | <table cellspacing="0" cellpadding="0" border="0" class="el-table__body" style="width: 949px;"><colgroup><col name="el-table_2_column_7" width="159"><col name="el-table_2_column_8" width="158"><col name="el-table_2_column_9" width="158"><col name="el-table_2_column_10" width="158"><col name="el-table_2_column_11" width="158"><col name="el-table_2_column_12" width="158"></colgroup><tbody><tr class="el-table__row"><td rowspan="1" colspan="1" class="el-table_2_column_7 el-table__cell"><div class="cell">r*r</div></td><td rowspan="1" colspan="1" class="el-table_2_column_8 el-table__cell"><div class="cell"><span data-v-40f8097f="" class="el-avatar el-avatar--circle" style="height: 40px; width: 40px; line-height: 40px;"><img src="https://api.uviewui.com/uploads/6905a8269999b705626b43f2.jpeg" style="object-fit: cover;"></span></div></td><td rowspan="1" colspan="1" class="el-table_2_column_9 el-table__cell"><div class="cell">5</div></td><td rowspan="1" colspan="1" class="el-table_2_column_10 el-table__cell"><div class="cell">2025-10-31</div></td><td rowspan="1" colspan="1" class="el-table_2_column_11 el-table__cell"><div class="cell"><span data-v-40f8097f="">微信</span></div></td><td rowspan="1" colspan="1" class="el-table_2_column_12 el-table__cell"><div class="cell"><span data-v-40f8097f="">--</span></div></td></tr><tr class="el-table__row"><td rowspan="1" colspan="1" class="el-table_2_column_7 el-table__cell"><div class="cell">c*b</div></td><td rowspan="1" colspan="1" class="el-table_2_column_8 el-table__cell"><div class="cell"><span data-v-40f8097f="" class="el-avatar el-avatar--circle" style="height: 40px; width: 40px; line-height: 40px;"><img src="https://api.uviewui.com/uploads/6905a85f9999b705626b4410.jpeg" style="object-fit: cover;"></span></div></td><td rowspan="1" colspan="1" class="el-table_2_column_9 el-table__cell"><div class="cell">10</div></td><td rowspan="1" colspan="1" class="el-table_2_column_10 el ...[truncated 28 chars]
Confidence: 50% confidence
Finding: https://api.uviewui.com/

External Transmission

Medium

Category: Data Exfiltration
Content: | | --- | --- | --- | --- | --- | --- | <table cellspacing="0" cellpadding="0" border="0" class="el-table__body" style="width: 949px;"><colgroup><col name="el-table_2_column_7" width="159"><col name="el-table_2_column_8" width="158"><col name="el-table_2_column_9" width="158"><col name="el-table_2_column_10" width="158"><col name="el-table_2_column_11" width="158"><col name="el-table_2_column_12" width="158"></colgroup><tbody><tr class="el-table__row"><td rowspan="1" colspan="1" class="el-table_2_column_7 el-table__cell"><div class="cell">r*r</div></td><td rowspan="1" colspan="1" class="el-table_2_column_8 el-table__cell"><div class="cell"><span data-v-40f8097f="" class="el-avatar el-avatar--circle" style="height: 40px; width: 40px; line-height: 40px;"><img src="https://api.uviewui.com/uploads/6905a8269999b705626b43f2.jpeg" style="object-fit: cover;"></span></div></td><td rowspan="1" colspan="1" class="el-table_2_column_9 el-table__cell"><div class="cell">5</div></td><td rowspan="1" colspan="1" class="el-table_2_column_10 el-table__cell"><div class="cell">2025-10-31</div></td><td rowspan="1" colspan="1" class="el-table_2_column_11 el-table__cell"><div class="cell"><span data-v-40f8097f="">微信</span></div></td><td rowspan="1" colspan="1" class="el-table_2_column_12 el-table__cell"><div class="cell"><span data-v-40f8097f="">--</span></div></td></tr><tr class="el-table__row"><td rowspan="1" colspan="1" class="el-table_2_column_7 el-table__cell"><div class="cell">c*b</div></td><td rowspan="1" colspan="1" class="el-table_2_column_8 el-table__cell"><div class="cell"><span data-v-40f8097f="" class="el-avatar el-avatar--circle" style="height: 40px; width: 40px; line-height: 40px;"><img src="https://api.uviewui.com/uploads/6905a85f9999b705626b4410.jpeg" style="object-fit: cover;"></span></div></td><td rowspan="1" colspan="1" class="el-table_2_column_9 el-table__cell"><div class="cell">10</div></td><td rowspan="1" colspan="1" class="el-table_2_column_10 el ...[truncated 28 chars]
Confidence: 50% confidence
Finding: https://api.uviewui.com/

External Transmission

Medium

Category: Data Exfiltration
Content: | | --- | --- | --- | --- | --- | --- | <table cellspacing="0" cellpadding="0" border="0" class="el-table__body" style="width: 949px;"><colgroup><col name="el-table_2_column_7" width="159"><col name="el-table_2_column_8" width="158"><col name="el-table_2_column_9" width="158"><col name="el-table_2_column_10" width="158"><col name="el-table_2_column_11" width="158"><col name="el-table_2_column_12" width="158"></colgroup><tbody><tr class="el-table__row"><td rowspan="1" colspan="1" class="el-table_2_column_7 el-table__cell"><div class="cell">r*r</div></td><td rowspan="1" colspan="1" class="el-table_2_column_8 el-table__cell"><div class="cell"><span data-v-40f8097f="" class="el-avatar el-avatar--circle" style="height: 40px; width: 40px; line-height: 40px;"><img src="https://api.uviewui.com/uploads/6905a8269999b705626b43f2.jpeg" style="object-fit: cover;"></span></div></td><td rowspan="1" colspan="1" class="el-table_2_column_9 el-table__cell"><div class="cell">5</div></td><td rowspan="1" colspan="1" class="el-table_2_column_10 el-table__cell"><div class="cell">2025-10-31</div></td><td rowspan="1" colspan="1" class="el-table_2_column_11 el-table__cell"><div class="cell"><span data-v-40f8097f="">微信</span></div></td><td rowspan="1" colspan="1" class="el-table_2_column_12 el-table__cell"><div class="cell"><span data-v-40f8097f="">--</span></div></td></tr><tr class="el-table__row"><td rowspan="1" colspan="1" class="el-table_2_column_7 el-table__cell"><div class="cell">c*b</div></td><td rowspan="1" colspan="1" class="el-table_2_column_8 el-table__cell"><div class="cell"><span data-v-40f8097f="" class="el-avatar el-avatar--circle" style="height: 40px; width: 40px; line-height: 40px;"><img src="https://api.uviewui.com/uploads/6905a85f9999b705626b4410.jpeg" style="object-fit: cover;"></span></div></td><td rowspan="1" colspan="1" class="el-table_2_column_9 el-table__cell"><div class="cell">10</div></td><td rowspan="1" colspan="1" class="el-table_2_column_10 el ...[truncated 28 chars]
Confidence: 50% confidence
Finding: https://api.uviewui.com/

External Transmission

Medium

Category: Data Exfiltration
Content: | | --- | --- | --- | --- | --- | --- | <table cellspacing="0" cellpadding="0" border="0" class="el-table__body" style="width: 949px;"><colgroup><col name="el-table_2_column_7" width="159"><col name="el-table_2_column_8" width="158"><col name="el-table_2_column_9" width="158"><col name="el-table_2_column_10" width="158"><col name="el-table_2_column_11" width="158"><col name="el-table_2_column_12" width="158"></colgroup><tbody><tr class="el-table__row"><td rowspan="1" colspan="1" class="el-table_2_column_7 el-table__cell"><div class="cell">r*r</div></td><td rowspan="1" colspan="1" class="el-table_2_column_8 el-table__cell"><div class="cell"><span data-v-40f8097f="" class="el-avatar el-avatar--circle" style="height: 40px; width: 40px; line-height: 40px;"><img src="https://api.uviewui.com/uploads/6905a8269999b705626b43f2.jpeg" style="object-fit: cover;"></span></div></td><td rowspan="1" colspan="1" class="el-table_2_column_9 el-table__cell"><div class="cell">5</div></td><td rowspan="1" colspan="1" class="el-table_2_column_10 el-table__cell"><div class="cell">2025-10-31</div></td><td rowspan="1" colspan="1" class="el-table_2_column_11 el-table__cell"><div class="cell"><span data-v-40f8097f="">微信</span></div></td><td rowspan="1" colspan="1" class="el-table_2_column_12 el-table__cell"><div class="cell"><span data-v-40f8097f="">--</span></div></td></tr><tr class="el-table__row"><td rowspan="1" colspan="1" class="el-table_2_column_7 el-table__cell"><div class="cell">c*b</div></td><td rowspan="1" colspan="1" class="el-table_2_column_8 el-table__cell"><div class="cell"><span data-v-40f8097f="" class="el-avatar el-avatar--circle" style="height: 40px; width: 40px; line-height: 40px;"><img src="https://api.uviewui.com/uploads/6905a85f9999b705626b4410.jpeg" style="object-fit: cover;"></span></div></td><td rowspan="1" colspan="1" class="el-table_2_column_9 el-table__cell"><div class="cell">10</div></td><td rowspan="1" colspan="1" class="el-table_2_column_10 el ...[truncated 28 chars]
Confidence: 50% confidence
Finding: https://api.uviewui.com/

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal