Security audit

Fe Cli

Security checks across malware telemetry and agentic risk

Overview

This frontend scaffolding skill is not malicious, but it ships several powerful or privacy-sensitive defaults that users should review before generated projects are used beyond local experimentation.

Install only if you are comfortable reviewing and editing generated templates. Before using generated projects, remove or gate Tauri shell support unless needed, make auto-update opt-in with signed HTTPS update channels, bind dev servers to localhost unless LAN testing is intentional, avoid storing bearer tokens in localStorage, and disable remote log submission unless you add clear consent, redaction, and an approved endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The shared scaffold includes `submitLogs()` functionality that can transmit collected application logs to an arbitrary configured remote endpoint. In a project-initialization skill, this capability is unrelated to core scaffolding and creates an unnecessary data egress path that could expose tokens, user identifiers, URLs, errors, and other sensitive diagnostics if developers enable or reuse it without careful review.

Context-Inappropriate Capability

Low
Confidence
78% confidence
Finding
The logger persistently stores application log entries in `localStorage`, which may retain sensitive operational data in a browser-accessible location longer than expected. While not immediately exploitable on its own, this increases exposure in the event of XSS, shared-device access, or accidental logging of secrets, and it is not necessary for a baseline frontend scaffolding template.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The template enables `tauri_plugin_shell` by default even though the stated scaffold purpose is a basic Tauri desktop app. Shell/subprocess capability materially expands the attack surface: any later IPC command, frontend compromise, or misconfiguration can turn this into arbitrary local command execution from the app context.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
Including shell/subprocess support by default is unjustified for ordinary scaffolding and violates least privilege. In a Tauri app, unnecessary shell capability is especially risky because the frontend and IPC layer are common trust boundaries; if either is abused, the app may be leveraged to spawn processes or interact with the host system.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger conditions are broad enough to match common phrases about creating or reviewing frontend projects, increasing the chance the skill is invoked unintentionally. Unintended invocation can cause an agent to read additional files, scaffold projects, or steer workflows the user did not explicitly request, which is especially risky in automated environments with tool access.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger text is fairly broad and can activate on generic requests like 建站 (site building) / 博客 (blog) / 文档站 (documentation site) / VitePress project without strong disambiguation or guardrails. In an agentic environment, this can cause the skill to run in contexts where the user only asked for advice or comparison, leading to premature project scaffolding actions and unintended command suggestions.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill enables Electron auto-update and schedules periodic update checks over the network by default, but does not require explicit user disclosure, consent, or safe deployment guidance. In a scaffolding context this can normalize silent background network activity and, if the update channel is misconfigured or served insecurely, can expose users to unwanted update behavior or update-supply-chain risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly configures Vite's dev server with `host: '0.0.0.0'`, which exposes the development server on all network interfaces and makes it reachable from the local network. In a scaffolding skill that may be followed blindly, this can unintentionally expose source code, debug endpoints, and proxied local APIs to other devices on the same LAN, especially since the proxy configuration is included and no warning or opt-in is provided.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The template explicitly includes a `log-export.ts` capability with a future submit-to-endpoint function but provides no guidance on data minimization, consent, redaction, or safe transport. In a frontend scaffold, this can normalize collecting and transmitting client logs that may contain tokens, PII, URLs, or internal diagnostics, creating a real privacy and data-exfiltration risk if implemented carelessly.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The template provides a remote log submission path but does not present a clear end-user warning, consent flow, or strong safeguards around transmitting diagnostic data. That makes it easy for downstream projects to ship functionality that silently sends potentially sensitive troubleshooting data off-device, creating privacy and compliance risks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The template persists authentication tokens and user profile data in client-side storage, which is accessible to any JavaScript running in the origin. If the generated app later has an XSS flaw or includes a compromised third-party script, the token can be stolen and reused for account takeover. In a frontend scaffolding skill, this pattern is especially risky because it encourages insecure defaults across many downstream projects.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The Pinia template persists `token` and `userInfo`, again placing sensitive auth material in browser-managed storage accessible to script. That creates a straightforward token-exfiltration path if the generated application is ever exposed to XSS, browser extension abuse, or untrusted injected code. Because this is shared scaffolding, the insecure pattern can propagate widely.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger condition is broad enough that ordinary requests about React Native, mobile apps, or app projects could activate this scaffolding skill without strong confirmation of user intent. In an agentic system, overly broad activation boundaries can cause the wrong tool/skill to run, leading to unintended file creation, dependency installation guidance, or workflow changes in contexts where the user only wanted advice or review.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.