Security audit
Frontend Vibe Suite
Security checks across malware telemetry and agentic risk
Overview
The skill is coherent and purpose-aligned, with disclosed DashScope API use and local helper scripts; no malicious behavior is evidenced, but users should notice the API key requirement and bundled Python cache files.
This skill appears reasonable for its frontend design workflow if you are comfortable running its Python helper scripts and sending selected prompts/public media URLs to DashScope. Before use, configure only a trusted DashScope endpoint and key, review command paths, keep generated files in a project workspace, and consider removing the bundled __pycache__/.pyc files.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Static analysis
No suspicious patterns detected.
