Back to skill

Security audit

Vercel Ai Sdk

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Vercel AI SDK reference skill with some copyable examples that need normal review around automatic tool calls and stored chat data.

Reasonable to install as a documentation skill. When using it to generate code, review any onToolCall, addToolOutput, sendAutomaticallyWhen, location access, payments, deletion, or persistence examples before shipping; require explicit user approval for sensitive tools and decide what chat content is stored or sent to providers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The manifest description includes many broad trigger terms such as library names, hooks, message types, and generic operations like streaming responses or tool calls. Overly broad activation criteria can cause the skill to fire in unrelated contexts, increasing the chance that an agent applies this guidance where it does not fit and potentially introduces insecure or incorrect implementation patterns.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation includes examples that access client-side location data and auto-submit tool outputs, but the surrounding guidance does not consistently emphasize explicit user consent, privacy disclosure, or safe permission UX. In an SDK reference, developers often copy examples directly, so this can normalize privacy-sensitive behavior and lead downstream applications to collect and transmit location data without sufficiently clear user warning or approval flow.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation explicitly recommends automatic client-side tool execution and automatic message sending, but does not prominently warn that these behaviors can trigger actions without explicit user confirmation. In an AI chat SDK context, that omission is security-relevant because developers may copy these patterns into apps that invoke sensitive tools, causing unintended data access, external side effects, or approval bypasses.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
function ChatWithTools() {
  const { messages, addToolOutput } = useChat<MyToolMessage>({
    onToolCall: async ({ toolCall }) => {
      if (toolCall.toolName === 'autoExecute') {
        const result = await executeAutomatically();
        addToolOutput({
          tool: 'autoExecute',
Confidence
92% confidence
Finding
autoExecute

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
if (toolCall.toolName === 'autoExecute') {
        const result = await executeAutomatically();
        addToolOutput({
          tool: 'autoExecute',
          toolCallId: toolCall.toolCallId,
          output: result
        });
Confidence
90% confidence
Finding
autoExecute

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.