Node.js Project Architecture

Security checks across malware telemetry and agentic risk

Overview

This instruction-only Node.js architecture skill is not malicious, but it repeatedly pushes agents to add weakly scoped admin config editors and secret-prone config patterns by default.

Install only if you want very opinionated Node.js architecture guidance and will review generated code carefully. Do not apply its admin dashboard pattern by default; keep secrets out of config.json, expose only an explicit allowlist through /api/config, and require strong authentication, authorization, validation, audit logs, CSRF protection where relevant, and restricted deployment for any config-changing admin routes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Context-Inappropriate Capability

Severity: Medium
Confidence: 83%
Finding
The README elevates an architecture convention into a blanket requirement that every project include an admin dashboard and admin route, expanding the attack surface of generated applications whether or not they need administrative capabilities. In a skill meant to guide project structure, prescribing universal admin functionality and live configuration management can cause agents to scaffold sensitive control paths by default, which is unsafe if developers do not add strong authentication, authorization, and auditing.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
The example admin hot-reload endpoint writes req.body directly into config.json and merges it into the live process config, with no schema validation, field allowlisting, or integrity checks shown. This is dangerous because it normalizes a pattern in which anyone who holds admin credentials, or who bypasses the placeholder check, can alter arbitrary runtime behavior, disable protections, corrupt application state, or inject configuration changes that persist on disk across restarts.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
The skill makes an admin dashboard with hot-reload a universal requirement even though its stated purpose is project structure for AI-friendly development. That broadens the generated system from passive architecture guidance into operational control surfaces, increasing the chance that downstream projects expose unnecessary privileged functionality.

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The universal pattern includes a write-capable admin endpoint that overwrites config.json at runtime from request data. Even with a placeholder requireAdmin check, this encourages deployment of a highly sensitive mutation endpoint that can alter application behavior, weaken security settings, or break service integrity if authentication is weak or bypassed.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
Prescribing universal admin capabilities like password login, stats, backup history, and restore exceeds what is needed for codebase organization and normalizes inclusion of privileged interfaces in all generated projects. These features enlarge the attack surface and may expose sensitive operational data or destructive actions in projects that otherwise would not need them.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding
The skill is configured to auto-activate on very common prompts such as creating a Node.js project or refactoring a large codebase, increasing the chance that its risky architectural prescriptions are injected into unrelated tasks without explicit user intent. In context, that makes the unsafe admin/config patterns more likely to propagate widely across generated projects.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The README explicitly suggests placing API keys in config.json while also describing a pattern that serves configuration to clients and supports live editing, but it does not clearly separate server-only secrets from client-safe values. In an AI coding skill, this omission is especially dangerous because generated projects may copy the pattern verbatim and accidentally expose secrets through static files, API responses, backups, or admin tooling.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The pattern directly overwrites project configuration files and creates backups based on incoming request bodies, with no warnings, validation, or safety controls shown. This is dangerous because malformed or malicious input could corrupt configuration, introduce insecure settings, or create an easy persistence mechanism through config manipulation and restore behavior.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The documentation specifies admin endpoints that perform immediate live configuration changes and backup restoration, but it does not mention safeguards such as confirmation prompts, authorization strength, audit logging, validation, rollback safety, or warnings about production impact. In the context of an AI-assisted project architecture skill, this can normalize unsafe admin tooling patterns and lead implementers to expose state-changing operations that can disrupt service, revert security settings, or apply invalid configuration instantly.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The documentation includes a plaintext admin password in `config.json` without any warning that secrets should not be hardcoded or committed to source control. In a project architecture skill, examples are often copied directly into real projects, so this pattern can lead users to store credentials insecurely and accidentally expose them through repositories, backups, or deployment artifacts.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The admin hot-reload example performs an unrestricted overwrite of `config.json` and also overwrites the backup file each time, with no validation, atomic write strategy, or rollback protections. In this skill's context, it is especially dangerous because it presents an architectural pattern that developers may adopt verbatim for live admin systems, increasing the risk of corruption, accidental destructive updates, and unsafe configuration changes.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The installation text says the skill 'auto-triggers when you create or refactor Node.js projects' without defining concrete activation conditions, scope limits, or user-consent boundaries. In an agent-skill system, overly broad auto-activation can cause the skill to influence unrelated tasks, load unnecessary instructions into context, or unexpectedly steer code generation/refactoring behavior across projects.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The guidance explicitly models storing sensitive values such as API keys in a plain `config.json`, which commonly ends up committed to source control, copied across environments, or served accidentally by static file middleware. In a skill intended to shape project architecture, this is especially risky because it normalizes insecure secret management patterns that downstream users may implement verbatim.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding
Specifying an admin password directly in `config.json` encourages hardcoded or plaintext credential storage, which can lead to credential disclosure through repository leaks, backups, logs, or misconfigured file serving. The surrounding guidance also promotes runtime config editing and an admin dashboard, which increases the chance that this secret is broadly accessible or mishandled.

VirusTotal

65/65 vendors flagged this skill as clean.