Huo15 Openclaw Frontend Design

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent frontend design and UI verification helper, with a few workflow safety notes but no evidence of hidden, destructive, or data-stealing behavior.

Safe to install for UI prototyping if you are comfortable with broad activation on frontend/design requests. For sensitive projects, review before running the optional browser/a11y audit, avoid CDN injection unless acceptable, and confirm before deleting generated comparison drafts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium (84% confidence)
Finding
The trigger condition includes broad phrases like beautify/optimize UI requests, which can cause the skill to activate in contexts the user did not intend. Over-broad invocation increases the chance of prompt routing errors, incorrect tool selection, and unintended application of this skill's strong design opinions or workflows to unrelated tasks.

Vague Triggers

Medium (88% confidence)
Finding
The alias list contains highly generic labels such as '前端设计', '页面设计', 'Web 设计', 'APP 设计', and '无障碍', which are likely to collide with normal user phrasing. Such collisions can make the skill trigger too often, creating routing hijack behavior where unrelated requests are captured by this skill and processed under its assumptions.

Vague Triggers

Medium (86% confidence)
Finding
The dedicated trigger section repeats many broad keywords across web, mobile, mini-program, design-system, accessibility, and motion domains without enough gating logic. This broad net can cause unintended invocation across adjacent but distinct tasks, reducing predictability and potentially overriding more appropriate specialized skills.

Missing User Warnings

Medium (92% confidence)
Finding
The document explicitly instructs deleting the other two draft files after a direction is chosen, but it provides no confirmation step, backup guidance, or warning that this is destructive. In an agentic workflow, such instructions can cause irreversible loss of work products or user-owned artifacts if the agent deletes files automatically or misidentifies which drafts are safe to remove.

Missing User Warnings

Medium (95% confidence)
Finding
The workflow injects axe-core by loading JavaScript from a public CDN into the page under review, which creates an external network dependency and executes third-party code in the browser context. This can leak metadata such as IP/user agent/referrer and introduces supply-chain risk if the CDN asset is tampered with, which is more concerning because the skill frames this as a standard verification step rather than an optional networked action.

VirusTotal

65/65 vendors flagged this skill as clean.
