Commit Tidy

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Git helper whose commands match its commit-cleanup purpose, with the main caution that optional examples can change staging state and create commits.

Reasonable to install for commit organization. Before allowing it to run commands, review `git status` and the proposed file groups, and remember that `git reset HEAD` changes what is staged while `git commit` creates local history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill includes state-changing git commands (`git reset HEAD`, `git add`, `git commit`) as an execution step without an explicit warning that they modify repository state and may unstage work or create commits. In an agent skill context, this is risky because an automated assistant could present or execute these commands without ensuring the user understands the consequences, leading to accidental history or staging changes.

VirusTotal

65/65 vendors flagged this skill as clean.