Security audit

make-design-md

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed design-analysis helper, with limited privacy and third-party font CDN caveats users should understand.

Install only if you are comfortable providing the pages, files, or screenshots you ask it to analyze. Review generated preview HTML before publishing or sharing it, especially the hard-coded fonts.loli.net and gstatic.loli.net font links, and treat the optional npx validation/export commands as external package execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (3)

Missing User Warnings

Medium
Confidence: 88%
Finding
The README advertises automatic URL fetching, local HTML reading, and screenshot analysis without any notice about what data may be transmitted, retained, or exposed during processing. In a skill context, this can lead users to provide sensitive internal URLs, local files, or screenshots containing secrets, creating a real privacy and data-handling risk even if the feature is not overtly malicious.

Natural-Language Policy Violations

Medium
Confidence: 80%
Finding
Mandating replacement of Google Fonts domains with a specific domestic mirror introduces a hard-coded third-party dependency and silently changes where user/browser requests are sent. This can create privacy, integrity, and supply-chain concerns, especially because users are not given a choice, trust rationale, or warning that font traffic and related metadata will be redirected to another provider.

Natural-Language Policy Violations

Medium
Confidence: 91%
Finding
The skill hardcodes a third-party font CDN mirror replacement and labels it as mandatory, removing user choice and bypassing the original vendor endpoints. This can introduce supply-chain and privacy risks, because generated preview files will depend on an unverified mirror whose integrity, logging practices, availability, and licensing posture may differ from the original source.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.