NYC

tool-ui-integrator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill repeatedly generates, and encourages the execution of, commands that download configuration and code from https://tool-ui.com/r/{name}.json using npx shadcn add. Because tool-ui.com is not a verified trusted source, this allows arbitrary, potentially malicious code or scripts to be installed into the user's project.
  • REMOTE_CODE_EXECUTION (HIGH): The npx shadcn add command with a remote URL is a mechanism for remote code execution. Shadcn registry files can contain instructions to install dependencies and write files to the local system, so the owner of the remote domain can execute code on the developer's machine whenever these commands are run.
  • COMMAND_EXECUTION (MEDIUM): The skill includes multiple Python scripts (tool_ui_compat.py, tool_ui_components.py, tool_ui_scaffold.py) that perform local operations such as modifying components.json and generating shell commands for the agent to execute. Although these are utility scripts, they run with the same privileges as the agent.
  • DATA_EXFILTRATION (MEDIUM): The script scripts/tool_ui_compat.py performs a recursive scan of the entire project root (rglob('*')) to identify import patterns in code files. No direct network exfiltration was detected in the provided code, but this broad file-system access to a user's entire codebase represents a significant security surface for potential data exposure.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:14 AM