Visual Bug Hunter

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only UI debugging skill whose screenshot, click-testing, and code-fix behavior is disclosed and aligned with finding visual bugs.

Install this only when you want an agent to visually inspect and test a GUI or web app. Close sensitive windows, prefer test data, avoid production flows that can cause real actions, and review any generated code diff before accepting it. Separately vet the optional CLI/PyPI project mentioned in the README if you choose to install that outside this skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The README promotes automated app launching, clicking, screenshot capture, and code-fix generation, but it does not clearly warn users that the tool may interact with the desktop, inspect on-screen content, or modify project files. In an agent-skill context, this omission increases the chance of unsafe or unintended execution against sensitive apps, data, or repositories because users may not realize the operational scope before invoking it.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal