Security audit

9527 Github Trending

Security checks across malware telemetry and agentic risk

Overview

This looks like a disclosed notification/scheduling skill, with privacy and cron-operation considerations users should understand before enabling it.

Install only if you are comfortable sending the chosen repository/news-interest content to the configured chat provider. Use least-privilege bot tokens, avoid sensitive private project names in notifications where possible, test manually before enabling cron, and document how to disable the schedule.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Low

Confidence: 87% confidence
Finding: The skill advertises sending notifications to Telegram, DingTalk, and WeCom but does not warn users that repository-interest data and destination identifiers or tokens will be transmitted to third-party services. This can cause unintended disclosure of usage patterns, tracked repositories, chat identifiers, or secrets to external platforms, especially for users who assume the skill is purely local.

Missing User Warnings

Low

Confidence: 90% confidence
Finding: The documented cron setup enables unattended recurring outbound notifications without warning that the skill will continue transmitting on a schedule. This increases the chance of persistent data leakage, noisy notifications, accidental token misuse, or unnoticed misconfiguration because the process runs automatically after initial setup.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.