app-maker

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A crafted prompt or bad model response could cause the builder to write outside the intended app folder, potentially overwriting files the user can access.

Why it was flagged

The generated file map comes from the LLM, but filenames are joined directly to the output directory with no check for absolute paths or '..' traversal; the backend writer uses the same pattern.

Skill content

return await self._call_llm(prompt)
...
for filename, content in code.items():
    file_path = frontend_dir / filename
    file_path.parent.mkdir(parents=True, exist_ok=True)
    with open(file_path, 'w', encoding='utf-8') as f:
        f.write(content)

Recommendation

Reject absolute paths and '..' segments, resolve every output path, and enforce that it remains under the selected project directory before writing.

What this means

Generated dependencies and npm scripts may run with the user’s local privileges.

Why it was flagged

The quickstart instructs users to install dependencies and run a generated project, which is expected for an app generator but executes code and package scripts from generated content.

Skill content

cd my-first-app

# Install dependencies
npm install

# Start dev server
npm run dev

Recommendation

Review the generated package.json, dependency list, and scripts before running npm install, npm run dev, or deployment commands.

What this means

Following the npx examples may run code outside the reviewed skill package if the CLI is fetched from npm.

Why it was flagged

The documentation shows running an app-builder CLI via npx, including a command that handles an API key, while the registry metadata has no install spec or required binary for that CLI.

Skill content

npx app-builder init my-app
...
npx app-builder config set claude-api-key sk-ant-...

Recommendation

Prefer the included Python script unless the app-builder npm package is verified and pinned; do not paste API keys into an unverified CLI.

What this means

Anyone who can read the config file may be able to use the configured model accounts.

Why it was flagged

The skill expects users to store LLM provider API keys in a local config file; this is purpose-aligned for multi-model generation, with no evidence of credential logging or unrelated use.

Skill content

"_instructions": "复制此文件到 ~/.config/app-builder/models.json 并填入你的 API Keys",
...
"apiKey": "sk-ant-your-key-here"

Recommendation

Use least-privilege API keys, protect the config file permissions, and rotate keys if they are exposed.

What this means

App requirements, designs, schema details, or code prompts may be sent to third-party AI providers, possibly more than one if fallback is enabled.

Why it was flagged

The skill is designed to send generation work to external model providers and may fall back among providers.

Skill content

- **Claude Code** (Anthropic) - Premium code generation
- **Qwen** (Alibaba Cloud) - Excellent Chinese support
- **Gemini** (Google) - Multimodal capabilities
- **GLM** (Zhipu AI) - Cost-effective option

Automatic fallback ensures your workflow never stops.

Recommendation

Avoid using confidential requirements unless the selected provider policies are acceptable; disable fallback or restrict configured providers when data residency matters.