Back to skill

Security audit

Elderly Ui Audit

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed accessibility-compliance auditor that scans project UI code, writes a report, and only performs style-focused fixes when the user opts in.

Install only for projects where you want an accessibility/elderly-mode UI audit. Review generated reports before acting on them, and use --fix only on a clean working tree because it may edit style files even though the skill says fixes should be limited and reversible by comments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger conditions are broad and based on common phrases, which can cause the skill to activate in contexts the user did not clearly intend. In an agentic environment, over-broad activation can lead to unintended repository scanning, report generation, or file modification workflows, especially because this skill also supports automatic fixes.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.