saas-scaffolder

Security checks across malware telemetry and agentic risk

Overview

This SaaS project generator is purpose-aligned and shows no hidden data theft or destructive behavior, but its generated auth and payment code should be reviewed before production use.

Install only if you want a SaaS scaffold generator. Run it in a new project directory or use dry-run first, do not treat generated auth or billing flows as production-ready without review, verify Stripe webhook handling and price controls, and never commit real OAuth, database, or Stripe secrets.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 84% confidence
Finding: The skill describes generation of files and use of environment variables but does not declare corresponding permissions. Hidden or undeclared capabilities reduce the platform's ability to enforce least privilege and make it harder for users or reviewers to understand what the skill can access or modify. In a scaffolding skill, file writing is expected, but lack of explicit declaration is still a real security and governance issue.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: A description-behavior mismatch is dangerous because reviewers and users may trust the documented secure, narrowly scoped behavior while the skill actually performs broader or different actions. That can bypass policy expectations, trigger the skill in unintended contexts, and lead to code generation that omits critical security controls like auth, billing webhook validation, or database setup despite claiming production readiness.

Vague Triggers

Medium

Confidence: 78% confidence
Finding: Overly broad trigger phrases can cause the skill to activate in many common development requests, increasing the chance that powerful code-generation behavior runs when the user did not intend it. In this context, the danger is amplified because the skill claims to create production-ready auth, billing, and infrastructure scaffolding; accidental invocation could generate misleading or incomplete security-sensitive code at scale.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The script performs unattended directory creation and file writes based on a user-supplied output path, which can overwrite or populate filesystem locations without an explicit confirmation step. In an agent skill context, this is more dangerous because the tool may be invoked automatically, causing unintended modifications to the user's workspace or sensitive paths.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal