Commit Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill locally reads Git commit history to report activity health, with no evidence of hidden network access, credential use, or destructive behavior.

Install from the reviewed artifact when possible, run it only in repositories whose commit history you intend to analyze, and enable heartbeat logging only if you want commit-health summaries stored in local agent memory.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 90% confidence
Finding: This markdown file includes an integration step to append analyzer output to `memory/heartbeat-state.json`, which is a file write affecting user or system data. The description provides no warning or disclosure about that modification, so users may not realize the integration persists data to disk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal