Git Repo Auditor

Security checks across malware telemetry and agentic risk

Overview

This is a local Git repository auditing tool, with the main caveat that its reports can reveal snippets of secrets it finds.

Install only if you need a local Git audit tool. Run it on repositories you are allowed to inspect, keep terminal output and JSON reports private, avoid publishing CI logs or artifacts containing scan results, and rotate any real credentials it reports.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The scan output intentionally includes a truncated portion of the matched secret value and prints it to console/JSON. Even partial credential disclosure can leak usable sensitive material into logs, terminals, CI output, or downstream systems, increasing the blast radius of already-exposed secrets.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal