Vercel Ai Sdk
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent instruction-only Vercel AI SDK reference; its tool-calling and chat-history examples are expected, but generated app code should still enforce approvals and data-handling limits.
Reasonable to install as an instruction-only documentation skill. When using it to generate code, review any onToolCall or sendAutomaticallyWhen logic, require confirmation for sensitive tools, validate tool schemas, and decide how messages, files, and tool outputs are stored or shared with model providers.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If copied without guardrails, generated applications could automatically run client-side tools such as location lookup or resend tool outputs when a model requests them.
The reference shows how a model-emitted tool call can trigger client-side code automatically. This is expected SDK functionality, but sensitive tools need explicit scoping and approval.
### Automatic Execution ... onToolCall: async ({ toolCall }) => { ... const location = await getCurrentLocation(); addToolOutput({ ... output: location }) ... }
Use automatic tool handlers only for low-risk, read-only actions; require approval for location, deletion, account changes, purchases, or other sensitive operations.
Apps generated from these examples may retain chat content, files, metadata, and tool results beyond the immediate session.
The examples include persisting full chat message history. That is common for chat apps, but stored messages and tool outputs can contain sensitive or untrusted content.
onFinish: ({ messages, finishReason }) => {
  // Save to database
  saveMessages(messages);
}
Define storage retention, redact sensitive fields, disclose persistence to users, and treat stored chat content as untrusted when reused in later prompts or workflows.
