nuxt-ui-2

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] This document is a benign integration and usage guide for a Nuxt/Vue UI component library. It describes expected local configuration, package installation, theming, component usage, and templates. There are no instructions or patterns that indicate credential harvesting, network proxies, code obfuscation, or other supply-chain attacks. Treat the content as documentation; perform normal repository-level vetting of the actual @nuxt/ui package code before installing, but the skill/document itself shows no malicious behavior. LLM verification: This Skill.md fragment is documentation-only and does not contain executable or obfuscated malicious code. The primary security concern is supply-chain hygiene: the install instructions use unpinned dependency installs (pnpm add / npm i) which can expose users to malicious or compromised package versions from the registry. There are no suspicious external domains, credential-harvesting code snippets, or dynamic eval patterns in the provided text. Final assessment: documentation is benign, but th