Back to skill

Security audit

GitHub MCP Server

Security checks across malware telemetry and agentic risk

Overview

This GitHub automation skill is not malicious, but it gives an agent powerful repository-write abilities with too few built-in guardrails.

Install only if you trust the referenced MCP server and need agentic GitHub automation. Use a fine-grained token limited to specific repositories and permissions, prefer read-only access for browsing tasks, pin and verify the MCP package where possible, and require explicit human approval before file writes, branch merges, releases, repository creation, or bulk issue/PR changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is explicitly designed to perform write-capable GitHub actions such as modifying files, creating pull requests, managing branches, and repository administration, but it does not instruct the agent to obtain explicit user confirmation before destructive or state-changing operations. In an agentic context, this can lead to unintended repository changes, workflow disruption, privilege misuse, or supply-chain impact if the agent acts on ambiguous prompts or poisoned inputs.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The workflow examples normalize autonomous mutating actions like updating files, creating pull requests, merging branches, labeling issues, and creating releases without any accompanying approval checkpoint or warning. Because these examples shape agent behavior, they increase the likelihood that an agent will execute impactful GitHub changes automatically, potentially causing data loss, unauthorized code changes, release mistakes, or abuse of repository permissions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.