github-helper

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its GitHub-helper purpose, but it includes persistent file changes, including an instruction to edit its own SKILL.md path, that users should review before installing.

Install only if you are comfortable letting the agent inspect a local GitHub directory, summarize repository README files, use your GitHub CLI/MCP access, and rewrite /Users/liuchen/Documents/github/CLAUDE.md. Back up any existing CLAUDE.md first, invoke cloning or syncing intentionally, and do not allow the skill to edit SKILL.md unless you explicitly want to make a persistent local configuration change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill clearly instructs reading from a local knowledge base file and updating repository metadata files, which implies file read/write capability without any declared permissions or guardrails. Undeclared capabilities reduce transparency and can lead to unintended access or modification of local data when the skill is invoked.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 88%
Finding: The description emphasizes search, clone, sync, and inspection workflows, but the body also directs the agent to create or overwrite a local CLAUDE.md knowledge base. That hidden state-changing behavior can surprise users and cause unintended file modification, especially because it is framed as part of normal repository lookup activity.

Self-Modification

High
Category: Rogue Agent
Content
If `/Users/liuchen/Documents/github` does not exist:

1. Ask user for the correct repository root path.
2. Update this SKILL.md path if needed.
3. Initialize knowledge base at the new location.

## Scripts
Confidence: 97%
Finding: Update this SKILL

VirusTotal

64/64 vendors flagged this skill as clean.
