GitHub Actions Stuck Run Audit
Security checks across malware telemetry and agentic risk
Overview
This skill is a local GitHub Actions report analyzer with behavior that matches its stated purpose and no evidence of hidden access, persistence, or destructive actions.
Reasonable to install if you want local auditing of exported GitHub Actions runs. Keep RUN_GLOB pointed at the intended export directory, review any JSON output before sharing it because it can include repository/workflow/run URLs, and enable FAIL_ON_CRITICAL only where blocking CI is intended.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.
