Back to skill

Security audit

Evez Github Manager

Security checks across malware telemetry and agentic risk

Overview

This GitHub management skill is not malicious, but it advertises broad repository-changing powers and token-based access without enough scoping or safety guidance.

Review this skill carefully before installing. Use a fine-grained GitHub token limited to the specific repositories and permissions you need, and require explicit confirmation before any merge, branch deletion, issue closure, release creation, or multi-repo operation. Treat the advertised mutating features as under-documented, and note that some documented commands or integrations may not be implemented by the included script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The description is broadly phrased to trigger on many common GitHub-related tasks, including reviewing PRs, managing issues, automating actions, syncing repos, and coordinating workflows. Overbroad activation boundaries can cause the skill to be invoked in situations the user did not specifically intend, increasing the risk of unnecessary repository access or accidental destructive actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The feature list includes inherently destructive or high-impact operations such as merge, close issues, delete branches, create releases, and multi-repo sync, but the skill text provides no warning that these actions can alter or destroy repository state. In this context, omission is more dangerous because the skill is explicitly designed to operate on live GitHub resources where mistakes can propagate quickly across branches or repositories.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The authentication section instructs users to provide a GITHUB_TOKEN or use an existing integration, but it does not warn about token scope, storage, logging, or the sensitivity of repository metadata and write permissions. This is risky because users may supply overprivileged credentials and not understand that the skill can perform broad actions against their GitHub account or organization.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.