Security audit

Web App Template

Security checks across malware telemetry and agentic risk

Overview

This is not executable malware, but its template gives an agent broad ongoing memory and proactive maintenance authority that users should review before installing.

Install only if you want an agent workspace with persistent memory and heartbeat-style proactive maintenance. Before use, edit the templates so the agent must ask before deleting bootstrap files, updating dependencies, deploying, accessing logs or monitoring systems, or storing sensitive personal/project context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding: The template instructs the agent to adopt persistent identity and memory-management behaviors beyond ordinary web-app development, including automatically reading and maintaining personal context files each session. This expands the agent's standing access to user data and encourages autonomous behavior that can persist sensitive information or act on stale context without explicit, task-scoped user consent.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding: The MEMORY.md section explicitly authorizes collection, editing, and long-term curation of personal context, framed as a security-sensitive store but still broadly writable by the agent. This creates a durable repository of user-related information that may exceed necessity, increase privacy risk, and be surfaced in later sessions or contexts in ways the user did not intend.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding: The heartbeat section authorizes proactive monitoring of deployments, error logs, performance, and security scans, which extends the agent's role from a workspace template into ongoing operational surveillance. In practice, this can drive the agent to access external systems, logs, or sensitive telemetry without a fresh user request, increasing both privacy exposure and unauthorized-action risk.

Missing User Warnings

Medium
Confidence: 90%
Finding: The instruction to delete BOOTSTRAP.md after reading encourages file deletion as a default startup action without a user-facing confirmation or warning. Even if the file is intended to be ephemeral, automatic deletion can remove auditability, erase setup context needed later, or normalize destructive actions before trust boundaries are established.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.