Back to skill

Security audit

FlowStitch

Security checks across malware telemetry and agentic risk

Overview

FlowStitch is a coherent website-building skill, but it can scrape third-party sites and publish projects using broad, automated workflows without enough built-in approval or scoping safeguards.

Install only if you are comfortable with an agent creating local project files, calling Stitch tools, downloading generated assets, and potentially deploying publicly. Require explicit confirmation before any competitor scraping or deployment, verify you are authorized to analyze the target site, and confirm the exact Vercel/Netlify/GitHub account, project, repository, and URL before publishing. Keep .stitch metadata out of public repos unless reviewed and sanitized.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The routing table uses broad phrases like "build me a [X]", "deploy", "quality check", and "make a video," which can overlap with normal conversation and trigger powerful workflows unintentionally. Because those workflows include scraping, shell commands, file writes, and deployment, accidental invocation raises the chance of unwanted external actions or tool use.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly supports competitor-site scraping and one-command deployment but does not require authorization checks, privacy/legal warnings, or confirmation before acting on third-party sites or publishing content. In context, this is dangerous because the skill is optimized for end-to-end automation, so risky actions could be carried out quickly and at scale with little user friction.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The documentation explicitly tells users to persist `metadata.json`, and the example schema includes project IDs, full resource names, screen identifiers, timestamps, and ownership metadata such as `userRole`. While this is not a secret-leak by itself, normalizing long-term storage of this data without guidance on minimization or protection can lead to accidental exposure of internal identifiers and access-context information in repos, logs, or shared artifacts.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.