Back to skill

Security audit

GitHub PR Manager

Security checks across malware telemetry and agentic risk

Overview

This is a transparent GitHub pull-request helper whose powerful GitHub actions are expected for its purpose, but users should confirm merges, reviews, and pushes before running them.

Install only if you want Codex to operate GitHub PR workflows using your currently authenticated gh account. Before approving, merging, enabling auto-merge, editing labels, or pushing after a rebase, confirm the active account, repository, PR number, base branch, target branch, CI status, and review requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill exposes shell-capable actions (`bash`, `gh`, `git`, `python3`) but does not declare permissions or operational boundaries. In an agent setting, missing permission declarations reduces transparency and can allow repository-modifying commands to be executed without explicit user awareness or policy gating.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill documents merge and history-rewriting workflows, including merge, auto-merge, and force-push during rebase, without warning about branch protection, irreversible history changes, or the need for confirmation. In an autonomous or semi-autonomous agent context, this can lead to unintended code integration, loss of commits, or disruption of collaborator workflows.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
git checkout <pr-branch>
git fetch origin
git merge origin/main                # resolve conflicts
git push

# Alternative: rebase instead
git rebase origin/main               # resolve conflicts
Confidence
94% confidence
Finding
git push # Alternative: rebase instead git rebase origin/main # resolve conflicts git push --force

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.