Repository Health Score

Security checks across malware telemetry and agentic risk

Overview

This is a read-only repository scoring skill with one optional GitHub metadata lookup that is disclosed and aligned with its purpose.

Install only if you are comfortable with a skill that reads the repository tree and local git metadata from the directory where it is run. If you do not want outbound GitHub requests or use of your authenticated GitHub CLI context, disable or skip the optional community metric commands that call `gh repo view`.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding:
The skill invokes `gh repo view` to fetch live repository metadata, which goes beyond purely local analysis and can trigger outbound network access and use any authenticated GitHub CLI context present on the host. In an agent setting, even optional network-backed commands expand the trust boundary, may leak repository targets or metadata access patterns, and create behavior the user may not expect from a local scoring tool.

Intent-Code Divergence

Medium
Confidence: 94%
Finding:
The notes state that the skill 'does not execute code or install dependencies — purely static analysis,' but the Community dimension performs live `gh` queries. This mismatch is security-relevant because operators may approve or sandbox the skill under false assumptions, leading to unexpected network access and possible credentialed API use.

VirusTotal

65/65 vendors flagged this skill as clean.
