Back to skill

Security audit

vuact

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation-only guide for using Vuact to mix React and Vue components, with no hidden execution or data-access behavior found.

Install this as a Vuact reference skill if you want help with React/Vue interoperability. Be careful when applying its package overrides, because replacing react, react-dom, or @vue/runtime-dom can affect a whole project dependency tree and should be reviewed in your app before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill advertises activation for very broad phrases such as any mention of mixing React and Vue in the same project. Overly broad triggers can cause the agent to invoke this skill in situations where it is only tangentially relevant, increasing prompt-surface exposure and the chance that lower-priority or mismatched guidance overrides more appropriate skills.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.