awesome-demo-web-build

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed web demo generator that creates project files and fetches design references only as part of its stated workflow.

Install this if you want an agent to scaffold web demo projects and write files in your workspace. Review the generated scaffolding command before confirming, use it in a disposable or intended project folder, and avoid giving it sensitive or internal URLs as design references.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill explicitly allows a user to paste an arbitrary reference URL and then directs the agent to fetch content from that URL. That introduces unnecessary network access for a web demo generator and can be abused for untrusted remote content retrieval, including access to attacker-controlled pages, prompt-injection content, or internal resources if fetch controls are weak.

VirusTotal

56/56 vendors flagged this skill as clean.
