alon-github-security-audit

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed static security-audit helper that clones or reads a chosen target, writes a local report, and cleans up only its temporary clone directories.

Install only if you are comfortable with the skill cloning the GitHub repository you specify, reading the selected local project, and saving a security report on disk. Prefer HTTPS URLs if you do not want SSH credentials involved, approve online vulnerability lookups only when you are willing to share dependency metadata, and do not provide wallet, payment, or unrelated credentials because the artifacts do not justify them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill declares required binaries but no explicit permissions, while its workflow clearly includes shell command execution, network cloning, filesystem reads, report writing, and cleanup deletion. In an agent environment, this under-declared capability can mislead operators and permission systems about what the skill is actually allowed to do.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 89%
Finding: The description emphasizes a static-first audit, but the documented behavior also performs network cloning and local filesystem deletion. While these actions are not inherently malicious, the mismatch reduces transparency and can cause users or policy engines to approve the skill under an incomplete understanding of its operational reach.

Missing User Warnings

Severity: Low
Confidence: 78%
Finding: The skill writes audit reports to local directories by default, including a fallback under the user's home directory, without a strong up-front warning in the main behavior description. This can create privacy and data-handling surprises, especially if reports include sensitive repository findings or local path information.

VirusTotal

66/66 vendors flagged this skill as clean.
