Security audit

App Builder

Security checks across malware telemetry and agentic risk

Overview

This is a broad app-building guidance skill with no executable code or hidden data access, though users should approve any dependency installs, payment integrations, or deployments.

Install this only if you want a general-purpose app-building helper. Review its plans before allowing repository changes, dependency installation, external service setup, payment integration, or deployment, especially when secrets, costs, or production environments are involved.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill advertises very broad activation criteria such as building new applications, adding features, scaffolding, or planning implementations, which can match a large share of normal developer requests. Over-broad routing increases the chance this skill is invoked when a narrower or safer skill would be more appropriate, expanding its authority and making unintended code generation or project modification more likely.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The workflow explicitly directs the agent to deploy applications and provide a live URL, but it does not require explicit user confirmation, environment checks, or warnings about external side effects. In an agent setting, this can cause unintended production changes, publication of unfinished or unsafe code, or use of deployment credentials without sufficiently informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal