Back to skill

Security audit

Releaseguard

Security checks across malware telemetry and agentic risk

Overview

ReleaseGuard is a coherent release-artifact security helper, but users should avoid the optional remote shell installer and be explicit before running mutating commands.

Prefer Homebrew or a pinned, verified release binary. Do not use the curl-to-shell installer in sensitive environments. Run dry-run modes first for fix, harden, and obfuscate, provide explicit artifact paths, and only supply signing keys, OIDC tokens, or cloud tokens when those features are required.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill defines very broad trigger phrases such as 'scan', 'check', 'audit', and 'analyze release', which can overlap with ordinary user requests and cause unintended invocation of the skill. In an agent environment, accidental activation can lead to unplanned filesystem access, artifact inspection, or follow-on actions on release outputs, especially when the skill is user-invocable.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The Fix command is activated by phrases like 'fix', 'harden', 'apply fixes', and 'remediate', which are highly generic and especially risky because this command modifies artifacts rather than only reading them. In a multi-tool agent setting, these triggers could cause unintended write operations on release outputs when a user asks for general remediation or hardening advice.

Vague Triggers

Low
Confidence
87% confidence
Finding
Including the standalone trigger phrase 'sign' is too generic and may collide with common language unrelated to artifact signing. Although signing is narrower than fixing, accidental invocation could still initiate sensitive cryptographic workflows, potentially using local keys or CI OIDC-based keyless signing in the wrong context.

Vague Triggers

Low
Confidence
83% confidence
Finding
The Verify command includes the trigger phrase 'verify', which is a common verb and may be matched outside artifact-integrity scenarios. Unintended invocation is less severe than a mutating command, but it can still cause confusing behavior, unnecessary processing, or validation against the wrong target.

External Script Fetching

Low
Category
Supply Chain
Content
curl -sSfL https://raw.githubusercontent.com/Helixar-AI/ReleaseGuard/main/scripts/install.sh | less

# 2. If satisfied, run it:
curl -sSfL https://raw.githubusercontent.com/Helixar-AI/ReleaseGuard/main/scripts/install.sh | sh
```

**Alternative — direct binary download (no shell script):**
Confidence
98% confidence
Finding
curl -sSfL https://raw.githubusercontent.com/Helixar-AI/ReleaseGuard/main/scripts/install.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
curl -sSfL https://raw.githubusercontent.com/Helixar-AI/ReleaseGuard/main/scripts/install.sh | less

# 2. If satisfied, run it:
curl -sSfL https://raw.githubusercontent.com/Helixar-AI/ReleaseGuard/main/scripts/install.sh | sh
```

**Alternative — direct binary download (no shell script):**
Confidence
99% confidence
Finding
| sh

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.