threejs-scene-builder
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [Malicious URLs] (SAFE): The automated alert for 'this.ca' is a false positive. The scanner misidentified the code property 'this.camera' as a malicious domain. The script does not perform any network requests or contain malicious URLs.
- [Data Exposure & Exfiltration] (SAFE): No network operations or access to sensitive local files (such as credentials or SSH keys) were detected. The script only writes boilerplate code to the specified local directory.
- [Dynamic Execution] (SAFE): The script generates TypeScript code using string templates. While it incorporates user-provided arguments into the generated code, this behavior is the primary intended purpose of the tool (scaffolding) and occurs only during local development. It does not execute the generated code itself.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata