EvoWeb.ai Website Builder

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward EvoWeb website-builder skill that sends website descriptions to EvoWeb to create hosted sites, with no evidence of hidden code, local persistence, or unrelated access.

Install only if you are comfortable sharing website descriptions with EvoWeb and allowing the skill to use your EvoWeb API key to create hosted sites. Avoid including secrets, credentials, regulated personal data, or confidential plans in prompts, especially because the no-key flow places the prompt in a registration URL.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill sends user-provided website descriptions to EvoWeb's external API, but it does not clearly warn users up front that their prompts will be transmitted to a third-party service. Those prompts may contain sensitive business details, personal data, or proprietary plans, so the lack of explicit disclosure can lead to unintended data exposure and weak informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal