Security audit

UI/UX Pro Max

Security checks across malware telemetry and agentic risk

Overview

This skill is a UI/UX helper that reads bundled design data and optionally writes design-system Markdown files, with no evidence of exfiltration, hidden persistence, credential access, or destructive behavior.

Safe to install for UI/UX assistance. Use the optional Python generator only when you want local design-system output, review any files it plans to create, and avoid auto-running the upstream sudo/package-manager examples without explicit need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill instructs the agent to read local bundled files and optionally run a local Python script, which implies file-read and potential file-write/code-execution capabilities despite no declared permissions. This mismatch is dangerous because it expands the operational surface invisibly: a caller or orchestrator may treat the skill as low-privilege while it actually encourages filesystem access and script use.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The activation scope is very broad and can match many generic frontend, accessibility, copy, design-system, and code-generation requests without clear exclusions. Overbroad routing is risky because it can cause this skill to activate in situations beyond pure UI/UX guidance, increasing the chance that it accesses bundled assets or proposes code changes when a narrower, safer skill should have handled the request.

Natural-Language Policy Violations

Low
Confidence
91% confidence
Finding
The keyword list for the Airline product type includes the token 'ai', which can accidentally match unrelated AI/ML queries and misclassify them as airline-related. In this skill, the CSV appears to drive UI/UX style recommendations, so the issue can produce incorrect routing or misleading design guidance rather than direct code execution or data compromise.
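The misclassification above is easy to reproduce and to guard against. The following is an added example, not code from the skill or from SkillSpector: a constructed keyword table (the skill's real CSV is not reproduced here) containing the ambiguous token `ai`, a naive substring classifier that shows the false match, and an audit that flags keywords which are too short or shared across categories and excludes them from whole-word matching. Function and table names are assumptions for illustration.

```python
import re
from typing import Dict, List

# Constructed sample of a product-type keyword table (NOT the skill's real CSV).
# The Airline row carries the two-letter token "ai", the problem the finding describes.
PRODUCT_KEYWORDS: Dict[str, List[str]] = {
    "Airline": ["airline", "flight", "booking", "ai"],
    "Fintech": ["bank", "payment", "ledger"],
    "AI/ML": ["machine learning", "model", "inference"],
}


def audit_keywords(table: Dict[str, List[str]], min_len: int = 3) -> Dict[str, List[str]]:
    """Return {category: [suspect keywords]} for tokens that are shorter than min_len
    or that appear under more than one category (both cause cross-category routing)."""
    owners: Dict[str, set] = {}
    for cat, kws in table.items():
        for kw in kws:
            owners.setdefault(kw.lower(), set()).add(cat)
    suspects: Dict[str, List[str]] = {}
    for cat, kws in table.items():
        bad = [kw for kw in kws if len(kw) < min_len or len(owners[kw.lower()]) > 1]
        if bad:
            suspects[cat] = bad
    return suspects


def classify_naive(query: str, table: Dict[str, List[str]]) -> List[str]:
    """Substring matching: "ai" hits "paid", "said", "AI model", etc."""
    q = query.lower()
    return sorted(cat for cat, kws in table.items() if any(kw in q for kw in kws))


def classify_strict(query: str, table: Dict[str, List[str]], min_len: int = 3) -> List[str]:
    """Whole-word matching after dropping the keywords the audit flagged."""
    suspects = audit_keywords(table, min_len)
    q = query.lower()
    hits = []
    for cat, kws in table.items():
        usable = [kw for kw in kws if kw not in suspects.get(cat, [])]
        if any(re.search(r"\b" + re.escape(kw) + r"\b", q) for kw in usable):
            hits.append(cat)
    return sorted(hits)
```

Run `audit_keywords` over the real CSV before shipping a routing table; any token it returns should either be lengthened to a distinctive phrase or removed, since a generic token does not make the category easier to hit, it only makes unrelated queries land there.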

Vague Triggers

Medium
Confidence
89% confidence
Finding
The README explicitly states the skill auto-activates for UI/UX work, and the trigger language is broad enough to match ordinary design-related conversation. In an agent environment, this can cause unsolicited loading of skill instructions and tooling in contexts the user did not intend, increasing the chance of prompt-scope expansion or accidental execution of follow-on workflows.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The persistence path writes Markdown files derived from user-controlled inputs (`project_name`, `page`, and generated content) to disk without any explicit confirmation or user-visible disclosure at the execution point. In an agent setting, silent filesystem writes can surprise users, create unwanted artifacts, and potentially overwrite expected project content under the current working directory.
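What a hardened version of that persistence path looks like, as an added example that is not the skill's generator (its real function names and layout are not known; `safe_segment`, `plan_writes` and `write_design_system` are assumed names): user-controlled `project_name` and `page` are restricted to plain file-name components, every target path is resolved and checked against the output root before any write, existing files are never overwritten unless the caller opts in, and a `confirm` callback gives the agent or user a chance to veto the plan. `run_demo` exercises these guards in a temporary directory with constructed inputs.

```python
import re
import tempfile
from pathlib import Path
from typing import Callable, Dict, List, Optional

# Hypothetical hardened Markdown writer; names and layout are assumptions, not the skill's code.
_SEGMENT = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def safe_segment(value: str) -> str:
    """Accept only a plain file-name component: no separators, no '..', no leading dot, no control chars."""
    if not _SEGMENT.fullmatch(value) or ".." in value:
        raise ValueError(f"unsafe path segment: {value!r}")
    return value


def plan_writes(project_name: str, pages: Dict[str, str], output_root: str) -> List[dict]:
    """Resolve every target up front so the plan can be shown to the user before disk is touched."""
    root = Path(output_root).resolve()
    plan = []
    for page, content in pages.items():
        target = (root / safe_segment(project_name) / f"{safe_segment(page)}.md").resolve()
        if root not in target.parents:  # defence in depth after segment validation
            raise ValueError(f"target escapes output root: {target}")
        plan.append({"path": target, "exists": target.exists(), "bytes": len(content.encode("utf-8"))})
    return plan


def write_design_system(
    project_name: str,
    pages: Dict[str, str],
    output_root: str,
    overwrite: bool = False,
    confirm: Optional[Callable[[List[dict]], bool]] = None,
) -> List[Path]:
    """Write the planned files. Refuses to clobber existing files unless overwrite=True and
    lets confirm(plan) veto the whole batch; returns the paths actually written."""
    plan = plan_writes(project_name, pages, output_root)
    clobbered = [str(p["path"]) for p in plan if p["exists"]]
    if clobbered and not overwrite:
        raise FileExistsError(f"refusing to overwrite: {clobbered}")
    if confirm is not None and not confirm(plan):
        return []
    written = []
    for entry, content in zip(plan, pages.values()):
        entry["path"].parent.mkdir(parents=True, exist_ok=True)
        entry["path"].write_text(content, encoding="utf-8")
        written.append(entry["path"])
    return written


def run_demo() -> dict:
    """Exercise the guards in a temporary directory (constructed inputs) and report what happened."""
    result = {}
    with tempfile.TemporaryDirectory() as tmp:
        pages = {"tokens": "# Tokens\n", "components": "# Components\n"}
        result["written"] = sorted(p.name for p in write_design_system("acme-app", pages, tmp))
        try:
            write_design_system("acme-app", pages, tmp)  # same files again: must refuse
            result["overwrite_blocked"] = False
        except FileExistsError:
            result["overwrite_blocked"] = True
        try:
            plan_writes("../../etc", {"passwd": "x"}, tmp)  # traversal attempt via project_name
            result["traversal_blocked"] = False
        except ValueError:
            result["traversal_blocked"] = True
        vetoed = write_design_system("acme-app", {"colors": "# Colors\n"}, tmp, confirm=lambda plan: False)
        result["vetoed_writes"] = len(vetoed)
        result["after_veto_exists"] = (Path(tmp) / "acme-app" / "colors.md").exists()
    return result
```

In an agent setting the `confirm` hook is where the plan (paths, whether they exist, sizes) is rendered back to the user before execution, which is the disclosure the finding says is missing.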

Chaining Abuse

High
Category
Tool Misuse
Content
**Ubuntu/Debian:**
```bash
sudo apt update && sudo apt install python3
```

**Windows:**
Confidence
89% confidence
Finding
`&& sudo` (chained `sudo` invocation in the installation snippet above)
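A scanner that applies the Chaining Abuse rule to a skill's Markdown, as an added example that is not SkillSpector's implementation or the skill's code: it walks the shell-tagged fences, splits each command line on `&&`, `||`, `;` and `|`, and reports a finding when a chained line contains a privilege-escalating, package-manager, download or destructive command, rating lines that chain `sudo`/`doas` as high. `SAMPLE_SKILL_MD` is a constructed stand-in for the skill's README, and the command list in `SENSITIVE` is an assumption a reviewer would tune.

```python
import re
from typing import Dict, List

TICKS = "`" * 3  # fence marker built at runtime so this listing contains no literal fence

# Fenced blocks: language tag, then body up to the closing fence.
FENCE = re.compile(re.escape(TICKS) + r"([\w+-]*)[ \t]*\n(.*?)" + re.escape(TICKS), re.S)
SHELL_TAGS = {"", "bash", "sh", "shell", "zsh"}
# Chain operators that let one instruction smuggle a second command.
CHAIN = re.compile(r"&&|\|\||;|\|")
# Commands that escalate privilege, change the system, fetch remote content or destroy files (assumed list).
SENSITIVE = re.compile(r"\b(?:sudo|doas|apt(?:-get)?|yum|dnf|brew|pip3?|npm|curl|wget|rm|chmod|chown)\b")


def scan_markdown(text: str) -> List[Dict]:
    """Return one finding per shell line that chains two or more commands, at least one of them sensitive."""
    findings = []
    for m in FENCE.finditer(text):
        lang, body = m.group(1).lower(), m.group(2)
        if lang not in SHELL_TAGS:
            continue
        first_line = text[: m.start(2)].count("\n") + 1  # 1-based line of the fence body
        for offset, line in enumerate(body.splitlines()):
            cmd = line.strip()
            if not cmd or cmd.startswith("#"):
                continue
            segments = [s.strip() for s in CHAIN.split(cmd) if s.strip()]
            sensitive = [s for s in segments if SENSITIVE.search(s)]
            if len(segments) > 1 and sensitive:
                escalates = any(s.startswith(("sudo ", "doas ")) for s in sensitive)
                findings.append({
                    "line": first_line + offset,
                    "command": cmd,
                    "sensitive_segments": sensitive,
                    "severity": "high" if escalates else "medium",
                })
    return findings


# Constructed sample README (not the skill's real file): one chained sudo install,
# one single brew command, one non-shell fence, and a chained destructive command.
SAMPLE_SKILL_MD = "\n".join([
    "# Setup",
    "",
    "**Ubuntu/Debian:**",
    TICKS + "bash",
    "sudo apt update && sudo apt install python3",
    TICKS,
    "",
    "**macOS:**",
    TICKS + "bash",
    "brew install python3",
    TICKS,
    "",
    TICKS + "python",
    'print("hello")',
    TICKS,
    "",
    "Run the generator:",
    TICKS + "bash",
    "python3 scripts/generate.py --project demo ; rm -rf ./build",
    TICKS,
    "",
])

if __name__ == "__main__":
    for f in scan_markdown(SAMPLE_SKILL_MD):
        print(f'{f["severity"]:6} line {f["line"]}: {f["command"]}')
```

The single `brew install python3` line is deliberately not reported: the rule is about chaining, where an agent told to "run the setup snippet" executes the second command without a separate decision point. A stand-alone install still deserves the manual review the overview recommends; it just is not this pattern.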

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal