Agent Component

Name: skills/agent-ui
Author: tool-belt

View on GitHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill directly manipulates the user's browser

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

Agent Component: Batteries-included agent component from [ui.inference.sh](https://ui.inference.sh).

Actually does

This skill installs a React/Next.js UI component and an SDK using `npx shadcn` and `npm install`. It configures a Next.js API proxy route that utilizes the `@inferencesh/sdk` to communicate with the `inference.sh` platform, authenticated via an `INFERENCE_API_KEY`. The UI component then interacts with this proxy to enable AI agent functionalities, potentially leveraging external AI models.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction3 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Nametool-belt/skills/agent-ui

Registrygithub

Versionb684df19dfd3

PURLpkg:github/tool-belt/skills@b684df19dfd3?skill=agent-ui

Stars346

Installs30

Source

Repository ↗SKILL.md ↗

SHA-2566879b542f986...

SHA-18430b1070939...

MD52757e8c6e2f9...

TLSH2a7186574832...

Size3,530 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

GitHub

https://github.com/tool-belt/skills/tree/main/skills/agent-ui

30 installs

Claude CodeDocs

/plugin marketplace add tool-belt/skills

/plugin install agent-ui@tool-belt/skills

Skills.shDocs

npx skills add https://github.com/tool-belt/skills --skill agent-ui

Assessments (1)

AI Agent Traps ↗

Agent can scan and fill UI forms client-sidecriticalcommand execution, data exfiltration, autonomy abuse

The agent is explicitly configured with client-side tools (`scan_ui`, `fill_field`) that allow it to interact directly with the user's browser UI. This poses a significant risk for unauthorized data extraction from the UI or performing actions (e.g., submitting forms) without explicit user consent, potentially bypassing human oversight.

100% confidenceline 83

system_prompt: 'You can fill forms using scan_ui and fill_field tools.', createScopedTools

External dependencies introduce supply chain riskhighsupply chain

The skill instructs users to install components and SDKs from external URLs (`ui.inference.sh`, `@inferencesh/sdk`) using `npx` and `npm`. A compromise of these external sources could lead to the injection and execution of arbitrary malicious code within the user's project.

100% confidenceline 16

npx shadcn@latest add https://ui.inference.sh/r/agent.json, npm install @inferencesh/sdk

Agent supports file and image uploadsmediumdata exfiltration, resource abuse

The `allowFiles` and `allowImages` props enable the agent to handle file and image uploads. Without robust server-side validation and sanitization, this capability could be abused for data exfiltration, uploading malicious content, or consuming excessive resources.

90% confidence

allowFiles | boolean | Enable file uploads, allowImages | boolean | Enable image uploads

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/tool-belt/skills/agent-ui.svg)](https://mondoo.com/ai-agent-security/skills/github/tool-belt/skills/agent-ui)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/tool-belt/skills/agent-ui"><img src="https://mondoo.com/ai-agent-security/api/badge/github/tool-belt/skills/agent-ui.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/tool-belt/skills/agent-ui.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow