GitHub项目调研器

Security checks across malware telemetry and agentic risk

Overview

This is a transparent GitHub research helper that sends repository search and lookup requests to GitHub, which matches its purpose.

Install only if you are comfortable with repository names, search terms, and public GitHub metadata lookups being sent to GitHub. Avoid using confidential internal project names as search terms, and remember that GitHub CLI requests may use your logged-in GitHub account.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs live GitHub API and CLI queries using user-supplied search terms without warning that those terms will be sent to GitHub. If users provide sensitive internal project names, code names, or other confidential identifiers, the skill could externally disclose that information to a third party.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal