GH Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a small, disclosed GitHub monitoring helper that uses normal GitHub CLI read commands and optional scheduled alerts.

Install this only if you want an agent to use your GitHub CLI access for repository monitoring. Use explicit owner/repo names, avoid private repos unless intended, review any cron schedule, and verify message or alert destinations before sending repository activity outside GitHub.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrase "watch repo" is broad and plausibly overlaps with normal user language, which can cause the skill to activate unexpectedly for requests that were not intended to invoke GitHub monitoring behavior. In a skill that can query repositories, inspect issues/PRs, and schedule cron-based notifications, accidental invocation increases the risk of unintended data access, actions, or noisy automation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal