OpenTangl Plugin

Security checks across malware telemetry and agentic risk

Overview

This plugin exposes powerful OpenTangl automation, including repository changes and merges, but those capabilities are disclosed, purpose-aligned, and gated as optional tools.

Install only if you trust OpenTangl and want chat-driven repository automation. Start with read-only tools, enable mutating tools deliberately, use preview/run modes where available, and keep branch protections or human review in place before allowing PR creation or merges.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Missing User Warnings

Medium, 95% confidence
The README documents mutating tools such as autopilot, workflow execution, merge, and prune without an explicit warning that they can write code, create commits, open PRs, and merge changes. In an agent-skill context, unclear documentation can cause an operator to allow dangerous tools or invoke them without understanding the side effects, increasing the chance of unintended repository changes.

Missing User Warnings

Medium, 97% confidence
The example 'Run the full merge pipeline' shows the agent calling the merge tool and notes that it creates PRs, waits for CI, and merges, but it does not include a safety warning or confirmation step. In a chat-driven autonomous workflow, examples strongly influence user behavior, so this omission can normalize high-impact actions without explicit acknowledgment of the risks.

Missing User Warnings

Medium, 92% confidence
The plugin explicitly exposes mutating capabilities that can commit changes, open PRs, merge branches, prune tasks, and run autopilot workflows, but the documentation does not give a sufficiently prominent warning about repository modification, remote side effects, or required operator approval. In an agent-integrated context, this increases the risk that a user enables powerful tools without understanding that they can alter local repositories and trigger actions on remote services such as GitHub.

Vague Triggers

Medium, 88% confidence
The description advertises broad autonomous capabilities such as proposing tasks, running autopilot cycles, executing workflows, and managing merge pipelines "all from chat" without any stated trigger boundaries, approval gates, or scope limitations. In an agent skill, this can cause overbroad invocation and unsafe delegation of high-impact development actions, increasing the chance of unintended code changes, workflow execution, or repository-wide operations from ambiguous user prompts.

VirusTotal

64/64 vendors flagged this skill as clean.
