gerritaction
Security checks across malware telemetry and agentic risk
Overview
The skill is for legitimate Gerrit automation, but it asks users to install an unpinned external CLI and can approve, submit, or delete every Gerrit change matched by a query.
Install only if you trust the `gerritaction` package source and can pin or verify it. Use a low-privilege Gerrit account, avoid committing real credentials, run a query-only command first, inspect the exact matched changes, and require explicit confirmation before approve, submit, delete, or bulk reviewer actions.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.