Back to skill

Security audit

springboot-standardizer

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent SpringBoot project scaffolding helper, but its generated Redis configuration contains an unsafe deserialization pattern users should review before applying.

Install only if you want a SpringBoot/MyBatis project analysis and scaffolding helper. Run it against a version-controlled or disposable project path, review diffs before keeping generated files, and replace the generated Redis serializer with a safer typed or restricted serialization approach before using it in production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrases are broad enough to match common software-engineering requests like project cleanup or Java refactoring, which increases the chance of accidental invocation. In a skill that can analyze and generate project structures, overbroad activation may cause unintended file operations or users receiving risky restructuring guidance when they did not explicitly request it.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill describes scanning projects, generating structures, and applying templates, but it does not warn users that these actions may alter existing code layout, overwrite files, or introduce configuration changes. In a refactoring tool, missing warnings materially increase the risk of accidental disruption, data loss, or unsafe changes being applied to a live codebase.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.