magic-api-generate

Security checks across malware telemetry and agentic risk

Overview

This documentation skill does what its name says (it helps build magic-api endpoints), but its copyable examples include persistent database APIs with unsafe authentication handling and destructive operations that are neither scoped nor access-controlled.

Install only if you want help building magic-api endpoints. Treat the snippets as learning examples, not production-ready code: restrict the magic-api Web UI, limit script authoring to trusted admins, sanitize returned user objects, use modern password hashing, and add authorization before any endpoint performs CRUD, upload, export, or cleanup actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding
The login example returns the full `user` record to the client after authentication, and the preceding query loads the record directly from the database without removing sensitive fields. In common schemas this includes `password` or password hash data, which creates unnecessary secret exposure and can enable credential cracking, reuse attacks, or broader account compromise.
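The finding above is easiest to see side by side. The following is an added example, not code from the magic-api-generate skill or from the magic-api project: a login over an in-memory SQLite `user` table (constructed sample data) in which the unsafe handler returns the whole row and the safe handler verifies a scrypt hash and returns only an allowlisted view. The column names, the `PUBLIC_USER_FIELDS` allowlist and the scrypt parameters are assumptions for illustration.

```python
# Added example, not part of the magic-api-generate skill or the magic-api project.
# Shows the "return the full user row" pattern beside a hardened login that
# verifies a scrypt hash and strips everything not on an explicit allowlist.
import hashlib
import hmac
import os
import sqlite3

# Assumed allowlist: the only user columns a client may ever receive. Anything
# else (password hash, salt, reset tokens, admin flags) is dropped server-side.
PUBLIC_USER_FIELDS = ("id", "username", "display_name")

# Assumed scrypt work factors (16 MiB of memory per hash at n=2**14, r=8).
SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1, dklen=32)


def hash_password(password, salt=None):
    """Return (salt, digest) using hashlib.scrypt (stdlib since Python 3.6)."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return salt, digest


def verify_password(password, salt, expected):
    """Constant-time comparison of the recomputed digest against the stored one."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def make_db():
    """Constructed sample data: one user whose password is stored as a scrypt hash."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute(
        "CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT UNIQUE, "
        "display_name TEXT, password_salt BLOB, password_hash BLOB, "
        "reset_token TEXT, is_admin INTEGER)"
    )
    salt, digest = hash_password("correct horse battery staple")
    conn.execute(
        "INSERT INTO user VALUES (1, 'alice', 'Alice', ?, ?, 'rst-abc', 1)",
        (salt, digest),
    )
    conn.commit()
    return conn


def login_unsafe(conn, username, password):
    """The pattern the finding describes: the whole row goes back to the client."""
    row = conn.execute("SELECT * FROM user WHERE username = ?", (username,)).fetchone()
    if row is None or not verify_password(password, row["password_salt"], row["password_hash"]):
        return None
    return dict(row)  # leaks password_hash, password_salt, reset_token, is_admin


def login_safe(conn, username, password):
    """Same query, but the response is built from the allowlist only."""
    row = conn.execute("SELECT * FROM user WHERE username = ?", (username,)).fetchone()
    if row is None:
        # Run the KDF anyway so an unknown username costs as much as a wrong password.
        verify_password(password, b"\0" * 16, b"\0" * 32)
        return None
    if not verify_password(password, row["password_salt"], row["password_hash"]):
        return None
    return {field: row[field] for field in PUBLIC_USER_FIELDS}


def leaked_fields(user):
    """Fields in a returned user object that are not on the allowlist."""
    return set(user) - set(PUBLIC_USER_FIELDS)


if __name__ == "__main__":
    db = make_db()
    print("unsafe leaks:", sorted(leaked_fields(login_unsafe(db, "alice", "correct horse battery staple"))))
    print("safe returns:", login_safe(db, "alice", "correct horse battery staple"))
```

The allowlist is the important part: a denylist that only removes `password` still leaks whatever the next migration adds. Building the response from a fixed list of fields fails closed when the schema grows.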

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
The syntax reference explicitly documents importing arbitrary Java classes and accessing Spring beans from scripts, which can expose the full host application's capabilities to script authors. In the context of a low-code framework that maps scripts directly to HTTP APIs, this materially increases the risk of remote code execution, unauthorized data access, privilege abuse, and security control bypass if scripting is available to untrusted or insufficiently isolated users.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The example exposes destructive cleanup logic behind a GET endpoint with no authentication, authorization, or anti-abuse controls. If implemented as shown, anyone who can reach the endpoint could trigger deletion of records older than 7 days, causing unauthorized data loss or repeated destructive operations.
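To make the missing controls concrete, here is an added example that is not code from the magic-api-generate skill or the magic-api project: a "delete records older than 7 days" operation written twice over a constructed in-memory SQLite table. The unguarded version is the pattern the finding describes; the guarded version refuses GET, requires a caller holding an assumed `records:purge` permission, scopes the delete to the caller's own tenant, keeps the retention window server-side rather than caller-supplied, and caps the batch size. The request shape, permission name and `MAX_DELETE_BATCH` are assumptions for illustration.

```python
# Added example, not part of the magic-api-generate skill or the magic-api project.
# Destructive cleanup behind an unguarded GET beside a version with method,
# authorization, scope and batch-size checks.
import sqlite3
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 7        # fixed server-side; never taken from the request
MAX_DELETE_BATCH = 1000   # assumed ceiling so one call cannot empty a table
PURGE_PERMISSION = "records:purge"  # assumed permission name


class MethodNotAllowed(Exception):
    pass


class Forbidden(Exception):
    pass


def make_db(now):
    """Constructed sample data: two tenants, four records each, aged 1/5/8/30 days."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE record (id INTEGER PRIMARY KEY, tenant_id TEXT, created_at TEXT)")
    rows, rid = [], 1
    for tenant in ("acme", "globex"):
        for age_days in (1, 5, 8, 30):
            rows.append((rid, tenant, (now - timedelta(days=age_days)).isoformat()))
            rid += 1
    conn.executemany("INSERT INTO record VALUES (?, ?, ?)", rows)
    conn.commit()
    return conn


def count_records(conn, tenant=None):
    if tenant is None:
        return conn.execute("SELECT COUNT(*) FROM record").fetchone()[0]
    return conn.execute("SELECT COUNT(*) FROM record WHERE tenant_id = ?", (tenant,)).fetchone()[0]


def cleanup_unguarded(conn, request, now):
    """The pattern from the finding: any request, any method, every tenant."""
    cutoff = (now - timedelta(days=RETENTION_DAYS)).isoformat()
    cur = conn.execute("DELETE FROM record WHERE created_at < ?", (cutoff,))
    conn.commit()
    return cur.rowcount


def cleanup_guarded(conn, request, now):
    """Requires an unsafe method, an authorized caller, and a tenant-scoped, bounded delete."""
    # Destructive work never hangs off GET: crawlers, prefetchers and link previews issue GETs.
    if request.get("method") not in ("POST", "DELETE"):
        raise MethodNotAllowed(request.get("method"))
    user = request.get("user")
    if user is None or PURGE_PERMISSION not in user.get("permissions", ()):
        raise Forbidden(PURGE_PERMISSION + " required")
    cutoff = (now - timedelta(days=RETENTION_DAYS)).isoformat()
    tenant = user["tenant_id"]
    # Scope to the caller's tenant and cap the batch; the subquery form of LIMIT
    # works on stock SQLite builds, which lack DELETE ... LIMIT.
    cur = conn.execute(
        "DELETE FROM record WHERE id IN ("
        "  SELECT id FROM record WHERE tenant_id = ? AND created_at < ? LIMIT ?)",
        (tenant, cutoff, MAX_DELETE_BATCH),
    )
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    db = make_db(now)
    admin = {"tenant_id": "acme", "permissions": [PURGE_PERMISSION]}
    print("deleted:", cleanup_guarded(db, {"method": "POST", "user": admin}, now))
    print("acme left:", count_records(db, "acme"), "globex left:", count_records(db, "globex"))
```

In a magic-api deployment the equivalent checks sit in whatever the interceptor or script front-matter is for the endpoint; the point is that the method, the caller's permission and the scope are all enforced before the DELETE runs, and that the retention window is not a request parameter.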

VirusTotal

64/64 vendors flagged this skill as clean.
