app-maker

Security checks across malware telemetry and agentic risk

Overview

The skill is broadly consistent with an AI app generator, but it under-scopes credential handling, external prompt sharing, deployment risk, and file-write boundaries enough that users should review it carefully before installing.

Install only if you are comfortable reviewing and containing generated output. Use environment variables or a secret manager where possible, do not put real keys in screenshots, verify any npx package source before running it, review generated files before npm install or execution, and deploy only after checking secrets, access controls, billing impact, and public exposure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (12)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The script explicitly instructs the presenter to open the model configuration file and highlight API key configuration during a screen recording, but it provides no instruction to redact, mask, or use dummy credentials. This creates a realistic risk of secret exposure in the recorded video, livestream, screenshots, or editing assets, which could allow unauthorized use of paid AI services or compromise associated accounts.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The documentation tells users to place long-lived API keys in a plaintext local config file and provides example key fields, but it gives no guidance on file permissions, secret managers, environment variables, or avoiding accidental commits and backups. This increases the likelihood of credential exposure through local compromise, shared machines, shell history, cloud sync, or source control mistakes.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding
The quick-start flow encourages deploying generated applications directly to production with `vercel --prod` and deployment commands, but it does not instruct users to review generated code, secrets, access controls, or configuration first. For an app generator, this is risky because generated output may contain insecure defaults, debug settings, placeholder auth, or exposed endpoints that become publicly reachable immediately after deployment.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The README instructs users to place API keys in a local config file and advertises deployment capabilities, but it provides no guidance on secure credential storage, file permissions, secret exclusion from version control, or the side effects of deployment. In an AI-driven app-generation/deployment skill, this omission can lead users to mishandle secrets or trigger unintended cloud actions and costs.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The guide instructs the user to open a model configuration file and explicitly highlight the API key configuration section in a screenshot. If those screenshots are shared publicly, committed to the repository, or uploaded to a marketplace, they can expose live credentials and enable unauthorized access to third-party AI services.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill explicitly documents one-command deployment to cloud platforms and production publishing, but it does not warn users that these actions can modify live infrastructure, expose services publicly, incur cost, or publish generated code that has not been security-reviewed. In an agent context, this increases the chance of unsafe or unintended real-world changes being triggered from ambiguous prompts or generated output.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The documentation includes API key configuration examples with realistic secret formats and direct CLI examples for setting keys, but it does not emphasize secure secret handling, storage protections, redaction, or the danger of committing credentials to files or logs. This can lead users to paste live secrets into plaintext config files, shell history, generated artifacts, or shared repositories.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The upload summary and long description prominently advertise automated code generation and one-click deployment capabilities, but they do not warn users about the risks of generating unreviewed code, using external APIs, modifying infrastructure, or deploying to live environments. In a skill intended for broad distribution, this omission can lead users to run high-impact actions without understanding potential effects on systems, costs, secrets, or data.

Missing User Warnings

Severity: Medium
Confidence: 72%
Finding
The manifest advertises deployment automation and lists deployment targets such as Vercel, Docker, Kubernetes, and Aliyun, but provides no visible warning in the package metadata that these actions may create, modify, or publish live infrastructure. In an agent skill context, that omission can normalize high-impact operations and increase the chance that users invoke production-affecting behavior without understanding the consequences.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
User-supplied app descriptions, PRD data, UI designs, and schema details are forwarded to third-party LLM APIs without any clear disclosure, consent flow, or data-classification guardrails. This can leak sensitive business logic, credentials accidentally pasted into prompts, or proprietary requirements to external providers, especially because the tool automatically sends multiple stages of derived data off-host.

Ssd 3

Severity: High
Confidence: 99%
Finding
These instructions explicitly direct the user to show the API key configuration section of `~/.config/app-maker/models.json`, which materially increases the chance that secrets will be captured in published images. Because the file is a real per-user config path, the context makes accidental credential disclosure more likely rather than hypothetical.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content (excerpt from the skill's source; the leading brace closes the request payload built above this fragment):
    }

    response = await client.post(
        "https://api.anthropic.com/v1/messages",
        headers=headers,
        json=payload
    )
Confidence: 91%
Finding
https://api.anthropic.com/

VirusTotal

63/63 vendors flagged this skill as clean.
