firstskill

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent generative-art template, with the main caveat that its HTML viewer loads p5.js and fonts from third-party CDNs.

This skill appears safe to install for generative-art work. Before using generated HTML in sensitive or offline settings, know that it may contact cdnjs and Google Fonts when opened; vendor those dependencies locally if that matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
96% confidence
Finding
The template loads p5.js and Google Fonts from third-party CDNs, which means opening the artifact causes external network requests and executes remotely hosted JavaScript. This breaks the stated self-contained design and creates supply-chain and privacy risk: a compromised CDN, dependency swap, or network observer could alter behavior or track users.

Intent-Code Divergence

Medium
94% confidence
Finding
The comment explicitly claims the artifact should be self-contained, but the implementation depends on third-party hosted assets. That mismatch is dangerous because reviewers and downstream users may trust the artifact as offline/safe when it actually introduces external dependencies and the associated integrity and privacy risks.

VirusTotal

63/63 vendors flagged this skill as clean.
