awesome-design-skill

Security checks across malware telemetry and agentic risk

Overview

This is a design-style reference skill with disclosed local file copying and preview assets, with no evidence of credential use, exfiltration, persistence, or destructive behavior.

Install only if you are comfortable with a skill that can copy a selected DESIGN.md into your working directory and whose preview HTML files may contact third-party font hosts when opened. Review before using the random or smart-select helpers if you require explicit style selection every time.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (51)

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill metadata and repeated trigger guidance say it should only activate when the user explicitly specifies a design style, but the documented bundled scripts also enable smart inference, random style selection, and copying files into the working directory. That mismatch can cause unintended execution paths and side effects, especially if an agent relies on the description for safety boundaries and then invokes behavior that selects or writes files without clear user intent.

Context-Inappropriate Capability

Low
Confidence
90% confidence
Finding
The HTML imports fonts from third-party domains (`fonts.loli.net` and `gstatic.loli.net`) even though this preview page appears to be a local design reference artifact. Loading remote assets leaks user IP address, user agent, referrer/context, and access timing to external parties, and it also creates a supply-chain/dependency risk if those resources are changed or become unavailable.

Description-Behavior Mismatch

Low
Confidence
94% confidence
Finding
This HTML preview pulls font resources from external domains (`fonts.loli.net` and `gstatic.loli.net`) even though the skill is described as selecting and presenting local design-system guidance. External fetches create unnecessary network egress, expose viewer metadata such as IP address and access timing to third parties, and introduce a supply-chain/dependency risk if the remote resource changes or becomes malicious.

Context-Inappropriate Capability

Low
Confidence
92% confidence
Finding
This preview page loads fonts from third-party hosts (fonts.loli.net and gstatic.loli.net), causing user IP address, user-agent, timing, and referrer-related metadata to be disclosed whenever the file is opened. For a local design-preview skill, that network dependency is unnecessary and expands the attack surface through tracking, availability risk, and possible supply-chain compromise of externally served assets.

Context-Inappropriate Capability

Low
Confidence
89% confidence
Finding
This preview HTML loads fonts from third-party hosts, which introduces unnecessary outbound network access for a local design preview. That can leak viewer metadata such as IP address, user agent, and referrer, and it also creates supply-chain and availability risk if the remote font service is modified, blocked, or unavailable.

Context-Inappropriate Capability

Low
Confidence
91% confidence
Finding
The preview page fetches font resources from third-party domains (`fonts.loli.net` and `gstatic.loli.net`), which causes outbound network requests whenever the file is rendered. Even though this is a static design preview, those requests can leak viewer metadata such as IP address, user agent, timing, and referrer context, and they introduce an unnecessary external dependency that could be abused if the third-party service is compromised or unavailable.

Context-Inappropriate Capability

Low
Confidence
94% confidence
Finding
The preview page fetches fonts from third-party hosts, which introduces unnecessary outbound network access for a local design catalog. Even without script execution, these requests leak metadata such as user IP address, timing, and referrer context to external services, and they create a supply-chain/dependency risk if the remote font service changes or becomes unavailable.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The standalone `[secret]` marker is unrelated to the file’s declared purpose of documenting a UI design system and suggests hidden or placeholder sensitive content embedded in prompt material. In an agent skill, unexplained secret-related tokens can cause accidental disclosure, prompt confusion, or indicate that sensitive data was inserted into distributable assets without proper handling.

Context-Inappropriate Capability

Low
Confidence
93% confidence
Finding
This preview page makes outbound requests to third-party font hosts, which introduces unnecessary network access for what is described as a local design-style preview. Even without active script execution, those requests can leak user IP address, user agent, and referrer context, and they create a supply-chain/dependency risk if the remote asset is changed or unavailable.

Description-Behavior Mismatch

Low
Confidence
95% confidence
Finding
The preview HTML loads third-party font resources from fonts.loli.net and gstatic.loli.net, which creates external network dependencies in what is described as a local design-style catalog. This can leak user metadata such as IP address and user agent, introduces supply-chain and availability risk, and may violate offline/local-only expectations even if no active script execution is present.

Context-Inappropriate Capability

Low
Confidence
92% confidence
Finding
The HTML preview pulls fonts from third-party hosts, which introduces unnecessary outbound network requests for a static local preview. Even without script execution, this leaks user metadata such as IP address, user agent, and access timing to external services and creates a supply-chain/dependency risk inconsistent with a purely local design-preview skill.

Context-Inappropriate Capability

Low
Confidence
85% confidence
Finding
The preview page loads external font resources from third-party domains, which creates unnecessary outbound network requests and data exposure for a static local design preview. While not an active code-execution issue, it can leak user metadata (IP address, user agent, referrer) and introduces a supply-chain/dependency risk unrelated to the core task of presenting local design-system assets.

Context-Inappropriate Capability

Low
Confidence
92% confidence
Finding
The preview HTML imports fonts from third-party hosts, which causes outbound network requests whenever the file is rendered. For a local design-preview skill, this adds unnecessary external connectivity, creating privacy, availability, and supply-chain exposure if those hosts track requests, fail, or serve altered assets.

Context-Inappropriate Capability

Low
Confidence
90% confidence
Finding
The preview page imports web fonts from external hosts, which causes outbound network requests whenever the HTML is opened. In a local skill asset whose purpose is only to present a design preview, this creates unnecessary third-party dependency, leaks user metadata such as IP address and user agent, and introduces supply-chain/privacy risk if the external font service changes or is compromised.

Context-Inappropriate Capability

Low
Confidence
93% confidence
Finding
This preview page imports fonts from third-party hosts (fonts.loli.net and gstatic.loli.net), causing client browsers to make outbound requests when the local HTML is opened. Even without script execution, these requests leak metadata such as user IP, user agent, timing, and referrer context, and they introduce an unnecessary supply-chain and tracking dependency for a static design preview. In the context of a style-selector skill, external network access is not necessary to fulfill the stated purpose, so the behavior is unjustified and should be treated as a real security/privacy issue.

Context-Inappropriate Capability

Low
Confidence
91% confidence
Finding
The preview page fetches fonts from third-party hosts, which creates an unnecessary outbound network dependency for a local design catalog. This can leak user metadata such as IP address and user agent, reduce offline portability, and introduce supply-chain/privacy risk if the external resource is modified or unavailable.

Context-Inappropriate Capability

Low
Confidence
94% confidence
Finding
The preview page fetches fonts from third-party domains, which causes outbound network requests when the file is opened. In a local design-preview context this is unnecessary exposure: it leaks user metadata such as IP address, user agent, and timing information to external services, and creates a small supply-chain/privacy risk if those resources change or become malicious.

Context-Inappropriate Capability

Low
Confidence
90% confidence
Finding
This HTML preview imports fonts from third-party domains, causing network requests when the file is opened. In a skill whose stated purpose is a local design-style catalog/preview, those external dependencies are unnecessary from a security/privacy standpoint and can leak user IP, user-agent, referrer context, and access timing to external services; they also create a supply-chain/dependency risk if the remote resource changes or becomes malicious.

Context-Inappropriate Capability

Low
Confidence
92% confidence
Finding
This HTML preview imports web fonts from third-party hosts, causing network requests and exposing metadata such as IP address, user agent, and access timing whenever the file is opened. For a local design catalog/preview file, this external dependency is unnecessary and expands the trust boundary without clear justification.

Description-Behavior Mismatch

Low
Confidence
92% confidence
Finding
The preview HTML loads external font resources from third-party domains, which causes network egress and exposes viewer metadata such as IP address, user agent, and access timing. In a skill described as a local design/style viewer, this is an unexpected dependency and creates privacy, availability, and supply-chain risk if the remote asset is changed or unavailable.

Context-Inappropriate Capability

Low
Confidence
94% confidence
Finding
The preview page pulls font resources from third-party domains, which causes outbound network requests when the local catalog is opened. In a skill whose purpose is a local design-style selector/catalog, this creates unnecessary data exposure, tracking risk, and supply-chain dependence on external infrastructure.

Context-Inappropriate Capability

Low
Confidence
89% confidence
Finding
The page pulls fonts from a third-party CDN, which creates unnecessary network dependency and leaks viewer metadata such as IP address, user agent, and access timing to an external service. In a local design-style catalog, this is not essential functionality, so it expands the privacy and supply-chain attack surface without clear need.

Context-Inappropriate Capability

Low
Confidence
90% confidence
Finding
This preview HTML loads fonts from third-party hosts, which introduces unnecessary outbound network requests in what should be a local, static design artifact. That creates privacy, supply-chain, and availability risks: opening the file leaks access metadata to external services and the preview can change or fail depending on those remote hosts.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The HTML preview loads fonts from third-party hosts, which causes network egress from what is otherwise a local design preview file. That leaks viewer metadata such as IP address, user agent, and access timing, and it also creates a supply-chain and availability dependency on external infrastructure.

Context-Inappropriate Capability

Low
Confidence
96% confidence
Finding
The preview loads web fonts from third-party domains, which creates unnecessary outbound network requests for a local static design catalog. Even without active scripting, this leaks access metadata such as IP address, user agent, timing, and referrer context to external services, and introduces supply-chain/privacy risk if those resources change or become unavailable.

VirusTotal

66/66 vendors flagged this skill as clean.
