Back to skill

Security audit

Share Local Site

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate localhost-sharing helper, but it needs review because it can publicly expose local development servers and recommends broad host-protection bypasses without enough safety guidance.

Install only if you intentionally want a local development server reachable from the internet. Before use, confirm the port is correct, avoid serving secrets/admin/debug routes/private data, prefer allowlisting the specific tunnel host instead of disabling host checks globally, and stop any tunnel or tmux session as soon as sharing is finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill's core purpose is to expose a localhost service to the public internet, but it does not prominently warn about accidental exposure of sensitive dev environments, admin panels, test data, or unauthenticated endpoints. Users may treat this as a harmless sharing utility and unintentionally publish private content or internal-only services.

Missing User Warnings

High
Confidence
99% confidence
Finding
The framework-specific fixes instruct users to disable host-header protections (`disableHostCheck`, `allowedHosts: 'all'`, and `DANGEROUSLY_DISABLE_HOST_CHECK=true`) so apps accept requests from arbitrary hosts. Those protections exist to prevent DNS rebinding and unintended remote access to local development servers, and disabling them without strong warnings substantially increases exposure once the service is tunneled or otherwise reachable.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The localhost.run path exposes a local service to the public internet via reverse SSH, but the script only says it is an SSH tunnel and gives the URL format; it does not clearly warn that anyone with the generated public URL may access the local app and any sensitive data it serves. This is especially risky for development servers, which often lack authentication, contain debug endpoints, or expose private test data.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The cloudflared path publishes the local service externally with no clear disclosure of privacy, authentication, or exposure consequences. In the context of a skill specifically designed to share local development servers, this increases the chance users will expose unfinished apps, internal tooling, or sensitive demo content without understanding the security implications.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.