Back to skill

Security audit

SenseCraft HMI Web Content Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent e-ink web content generator, but it can run a local web server and asks users to publish it through a reverse proxy for device access.

Install only if you are comfortable with Node/npm setup, a PM2-managed local web server, and optional public tunneling. Keep tokenized URLs private, avoid publishing sensitive content or local images, prefer access-controlled tunnels where possible, and stop the PM2 service when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill goes beyond generating local e-ink content by instructing the user to expose the local web service to the public internet via reverse proxy tools. Publicly forwarding a localhost service materially expands the attack surface and can expose generated pages, tokens, and any server weaknesses to external attackers.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The script starts a local HTTP server and launches the user's browser via a shell command. In a skill context, this expands the attack surface beyond content generation: any local process or web page able to reach the listening port can POST arbitrary data to the save endpoint, and the shell-based browser launch is an unnecessary privileged action for the stated purpose.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly instructs users to expose a localhost web server to the public Internet via a reverse proxy, but provides no warning about access control, token leakage, network exposure, or the risks of publishing locally generated content. Even if token authentication exists, documenting public exposure without security guidance can lead users to unintentionally expose sensitive local services or share bearer-token URLs that grant access.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs the agent to serve generated content locally and then encourages reverse-proxy publication, but it does not provide explicit privacy or security warnings about exposing local resources or user-supplied content. In context, the generated pages may include user data, images, or dynamic scripts, so publishing them without caution can lead to unintended disclosure or wider compromise if the server is weakly protected.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/init_project.js:25

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/wizard.js:63

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/init_project.js:52