Security audit

Serverless Template Generator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to generate simple serverless project templates, with deployment commands that users should review before publishing but no hidden or automatic unsafe behavior found.

Before installing or using it, verify which platforms it actually supports and review generated files before running deploy commands. Use preview or staging deploys first, confirm the active cloud account and project, and check secrets, access controls, public endpoints, and billing settings before publishing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The documentation presents `vercel deploy`, `netlify deploy --prod`, and `wrangler publish` as straightforward commands without warning that they can publish code, expose endpoints, incur costs, or create/update live cloud resources. In a skill intended to accelerate setup, users may run these commands uncritically, increasing the chance of accidental production deployment or unintended resource changes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal