AI Labs Builder

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate project generator, but it creates an unauthenticated webhook workflow server and uses broad auto-invocation triggers, so it should be reviewed before installation.

Install only if you intend to use a generator that writes project files and runs npm/npx tooling. Use an explicit empty project directory, review generated code before deployment, add authentication/signature checks before exposing the generated webhook server, and avoid entering sensitive data into generated AI apps until privacy and provider handling are clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill declares only tool access, but its documented examples and integrations clearly imply environment-variable access and outbound network communication to OpenAI, Anthropic, Pinecone, deployment platforms, and webhooks. When capabilities are broader than explicitly declared, users and platform controls may underestimate data exposure and external side effects.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding:
The script scaffolds an Express webhook server that accepts unauthenticated POST requests and immediately executes workflows based on a URL parameter. In a project generator whose stated purpose is workflow creation/MCP scaffolding, adding a remotely reachable execution surface without auth, signature verification, or explicit user opt-in expands the attack surface and can enable unauthorized workflow execution.

Vague Triggers

Severity: High
Confidence: 93%
Finding:
The trigger list contains broad phrases like 'dashboard', 'automation', 'ai agent', and generic creation verbs that can cause accidental invocation in normal conversation. In a skill with Write, Edit, Bash, Node, deployment, and external integration capabilities, unintended activation can lead to file changes, project generation, network calls, or other system-impacting actions without clear user intent.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill advertises deployment and integration with external AI and database providers but does not present clear warnings about data leaving the local environment or about actions that can create live infrastructure. This increases the risk of users unintentionally transmitting prompts, documents, API keys, or project code to third parties, or triggering operational changes such as deploys and webhooks.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The generated chat API forwards arbitrary user messages to OpenAI with no user-facing privacy notice or consent mechanism. In an AI app builder context, this creates a meaningful data-handling risk because users may unknowingly submit sensitive or regulated information to a third-party processor.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The generated webhook endpoint allows remote input to select and trigger workflow execution, but there is no warning to the user and no authentication, authorization, or request-signature validation. In the context of a scaffold generator, this is dangerous because developers may deploy the generated server as-is, unintentionally exposing remote execution of business logic over HTTP.

Shadow Command Trigger

Severity: Medium
Category: Trigger Abuse
Confidence: 83%
Finding:
The trigger 'create website' overlaps with a common built-in 'create' command pattern, making accidental routing to this skill more likely. Because the skill can write files and invoke Bash/Node workflows, command shadowing can cause unintended project creation or other side effects.

Shadow Command Trigger

Severity: Medium
Category: Trigger Abuse
Confidence: 84%
Finding:
The trigger 'create project' is extremely generic and conflicts with standard assistant or platform create flows. In context, this makes the skill easier to invoke unintentionally and increases risk because the skill has write and execution-capable tools.

Shadow Command Trigger

Severity: Medium
Category: Trigger Abuse
Confidence: 82%
Finding:
The trigger 'build application' collides with common generic build intents and may shadow other command handlers. Given the skill's ability to generate code and potentially run tooling, ambiguous routing can produce unintended code generation or environment changes.

Shadow Command Trigger

Severity: Medium
Category: Trigger Abuse
Confidence: 80%
Finding:
The trigger 'chat interface' is broad and can match ordinary discussion about UI concepts rather than a deliberate request to invoke this skill. While less severe than generic create/build triggers, it still raises accidental invocation risk in a skill that can modify files and generate projects.

VirusTotal

65/65 vendors flagged this skill as clean.
