Repo Onboarding

Security checks across malware telemetry and agentic risk

Overview

This skill has a clear repo-onboarding purpose, but it asks agents to run unbundled local scripts and optionally install a recurring cron job, so it needs review before use.

Install only if you trust the referenced local scripts. Run it on a branch or disposable copy first, review generated docs before relying on them, and do not enable the daily cron unless you inspect the cron script and know how to disable it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 94%

Finding
The skill directs the user to run local scripts that generate and write multiple files under the target repository, but it does not clearly warn that repository contents will be modified. In an agent setting, this can cause unexpected file creation or overwrites in a repo the user did not intend to change, especially because the commands are framed as routine onboarding steps.

Missing User Warnings

Severity: High
Confidence: 98%

Finding
This section instructs installation of repository PM tooling and offers adding a cron job, both of which create persistent changes beyond a transient analysis task. The repo initialization modifies repository state, and the cron setup changes system-level scheduled tasks; without a prominent warning and consent gate, an agent could make durable repo and host changes the user did not authorize.

VirusTotal

66/66 vendors flagged this skill as clean.