Back to skill

Security audit

Flatnotes + Tasks.md GitHub Audit

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward audit tool that reads local task and note files, checks GitHub PR status, and writes report files without hidden persistence or destructive behavior.

Before running it, confirm TASKS_ROOT and FLATNOTES_ROOT point only to directories you intend to audit, check which GitHub account gh is authenticated as, and treat the generated tmp reports as private because they may contain task titles, project names, local paths, and PR details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/audit.mjs:53